# Token Exchange

Token Exchange bridges your existing auth provider to the Civic security layer. Your users already sign in with Google, Auth0, Azure AD, or Okta. Token Exchange converts those tokens into Civic tokens via a single POST request using standard OAuth 2.0 Token Exchange (RFC 8693). The page covers two flows: Federated Token Exchange (bring any external provider) and Civic Token Exchange (scope-reduce an existing Civic token for agent delegation). Once exchanged, agents connect through Civic with the user's scoped permissions, full audit trails, and instant revocation. No SDK required, no re-authentication, no login screen changes.

Source: https://www.civic.com/features/token-exchange