@auth0/auth0-react
    Preparing search index...

    Type Alias CustomTokenExchangeOptions

    Represents the configuration options required for initiating a Custom Token Exchange request following RFC 8693 specifications.

    RFC 8693: OAuth 2.0 Token Exchange

    type CustomTokenExchangeOptions = {
        audience?: string;
        organization?: string;
        scope?: string;
        subject_token: string;
        subject_token_type: string;
        [key: string]: unknown;
    }

    Indexable

    • [key: string]: unknown

      Additional custom parameters for Auth0 Action processing

      Accessible in Action code via event.request.body

      {
        custom_parameter: "session_context",
        device_fingerprint: "a3d8f7...",
      }
    Index

    Properties

    audience? organization? scope? subject_token subject_token_type

    Properties

    audience?: string

    The target audience for the requested Auth0 token

    Must match exactly with an API identifier configured in your Auth0 tenant. If not provided, falls back to the client's default audience.

    "https://api.your-service.com/v1"
    organization?: string

    ID or name of the organization to use when authenticating a user. When provided, the user will be authenticated using the organization context. The organization ID will be present in the access token payload.

    scope?: string

    Space-separated list of OAuth 2.0 scopes being requested

    Subject to API authorization policies configured in Auth0

    "openid profile email read:data write:data"
    subject_token: string

    The opaque token value being exchanged for Auth0 tokens

    • Must be validated in Auth0 Actions using strong cryptographic verification
    • Implement replay attack protection
    • Recommended validation libraries: jose, jsonwebtoken
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
    subject_token_type: string

    The type identifier for the subject token being exchanged

    • Must be a namespaced URI under your organization's control
    • Forbidden patterns:
      • ^urn:ietf:params:oauth:* (IETF reserved)
      • ^https://auth0\.com/* (Auth0 reserved)
      • ^urn:auth0:* (Auth0 reserved)
    "urn:acme:legacy-system-token"
    "https://api.yourcompany.com/token-type/v1"

    Settings

    Member Visibility

    On This Page

    Properties