diff --git a/internal/oidc/oidc.go b/internal/oidc/oidc.go
index 7c550751..81c7d54c 100644
--- a/internal/oidc/oidc.go
+++ b/internal/oidc/oidc.go
@@ -83,7 +83,7 @@ func PinnipedCLIOIDCClient() *fosite.DefaultOpenIDConnectClient {
 			Public:        true,
 			RedirectURIs:  []string{"http://127.0.0.1/callback"},
 			ResponseTypes: []string{"code"},
-			GrantTypes:    []string{"authorization_code"},
+			GrantTypes:    []string{"authorization_code", "token_exchange"},
 			Scopes:        []string{"openid", "profile", "email"},
 		},
 		TokenEndpointAuthMethod: "none",
diff --git a/internal/oidc/token_exchange.go b/internal/oidc/token_exchange.go
new file mode 100644
index 00000000..2f3f1ee1
--- /dev/null
+++ b/internal/oidc/token_exchange.go
@@ -0,0 +1,23 @@
+package oidc
+
+import (
+	"context"
+
+	"github.com/ory/fosite"
+	"github.com/ory/fosite/compose"
+)
+
+func TokenExchangeFactory(config *compose.Config, storage interface{}, strategy interface{}) interface{} {
+	return &TokenExchangeHandler{}
+}
+
+type TokenExchangeHandler struct {
+}
+
+func (t *TokenExchangeHandler) HandleTokenEndpointRequest(ctx context.Context, requester fosite.AccessRequester) error {
+	return nil
+}
+
+func (t *TokenExchangeHandler) PopulateTokenEndpointResponse(ctx context.Context, requester fosite.AccessRequester, responder fosite.AccessResponder) error {
+	return nil
+}