<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeKnowledge Base
Okta for AI Agents Grants
Jun 2, 2026
Okta Identity Engine
Okta For AI Agents
Overview

Okta does not require the Token Exchange grant type for the OpenID Connect (OIDC) Web App used as the User Sign-On App in the Okta for AI Agents configuration. The AI Agent workload principal facilitates the token exchange calls requiring that grant type natively.

Applies To
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
  • Okta for AI Agents
  • OpenID Connect (OIDC)
Solution

Is the Token Exchange grant type required for the OpenID Connect Web App?

Okta does not require the Token Exchange grant type for the OIDC Web App used as the User Sign-On App in the AI Agents configuration. The AI Agent workload principal, which is the Client ID of the Agent, facilitates the token exchange calls requiring that grant type. The AI Agent supports this natively.

Recommended content

Still looking for help?
Loading
Okta for AI Agents Grants