Type alias CustomTokenExchangeOptions

CustomTokenExchangeOptions: {
    audience?: string;
    scope?: string;
    subject_token: string;
    subject_token_type: string;
    [key: string]: unknown;
}

Represents the configuration options required for initiating a Custom Token Exchange request following RFC 8693 specifications.

Type declaration

  • [key: string]: unknown

    Additional custom parameters for Auth0 Action processing

    Remarks

    Accessible in Action code via event.request.body

    Example

    {
      custom_parameter: "session_context",
      device_fingerprint: "a3d8f7...",
    }
  • Optional audience?: string

    The target audience for the requested Auth0 token

    Remarks

    Must exactly match an API identifier configured in your Auth0 tenant. If not provided, falls back to the client's default audience.

    Example

    "https://api.your-service.com/v1"
    
  • Optional scope?: string

    Space-separated list of OAuth 2.0 scopes being requested

    Remarks

    Subject to API authorization policies configured in Auth0

    Example

    "openid profile email read:data write:data"
    
  • subject_token: string

    The opaque token value being exchanged for Auth0 tokens

    Security

    • Must be validated in Auth0 Actions using strong cryptographic verification
    • Implement replay attack protection
    • Recommended validation libraries: jose, jsonwebtoken

    Example

    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
    
  • subject_token_type: string

    The type identifier for the subject token being exchanged

    Pattern

    • Must be a namespaced URI under your organization's control
    • Forbidden patterns:
      • ^urn:ietf:params:oauth:* (IETF reserved)
      • ^https://auth0\.com/* (Auth0 reserved)
      • ^urn:auth0:* (Auth0 reserved)

    Example

    "urn:acme:legacy-system-token"
    "https://api.yourcompany.com/token-type/v1"
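
A pre-flight check for the subject_token_type rules listed under Pattern, written for this page as an added example and not part of the SDK. The names ExchangeOptions and checkExchangeOptions are hypothetical, and reading the forbidden patterns as case-insensitive prefixes, "namespaced URI" as a urn: or https: URI, and the scope list as single-space separated are assumptions.

```typescript
// Added example, not SDK code. Mirrors the documented shape of CustomTokenExchangeOptions.
interface ExchangeOptions {
  subject_token: string;
  subject_token_type: string;
  audience?: string;
  scope?: string;
  [key: string]: unknown;
}

// Reserved namespaces from the "Forbidden patterns" list, read as
// case-insensitive prefixes (an assumption about the intended matching).
const RESERVED: Array<{ re: RegExp; owner: string }> = [
  { re: /^urn:ietf:params:oauth:/i, owner: "IETF" },
  { re: /^https:\/\/auth0\.com(\/|$)/i, owner: "Auth0" },
  { re: /^urn:auth0:/i, owner: "Auth0" },
];

// Accept only urn:<nid>:<nss> or an https URL with a host
// (assumed reading of "namespaced URI").
const URN = /^urn:[a-z0-9][a-z0-9-]{0,31}:[^\s]+$/i;
const HTTPS = /^https:\/\/[a-z0-9.-]+(:\d+)?(\/[^\s]*)?$/i;

// Returns a list of problems; an empty list means the options pass the checks.
function checkExchangeOptions(o: ExchangeOptions): string[] {
  const problems: string[] = [];
  const t = o.subject_token_type;
  if (typeof t !== "string" || !(URN.test(t) || HTTPS.test(t))) {
    problems.push("subject_token_type is not a urn: or https: URI");
  } else {
    RESERVED.filter((r) => r.re.test(t)).forEach((r) =>
      problems.push(`subject_token_type uses a namespace reserved by ${r.owner}`)
    );
  }
  if (typeof o.subject_token !== "string" || o.subject_token.trim() === "") {
    problems.push("subject_token is empty");
  }
  // Scope is a space-separated list; single spaces only is assumed here.
  if (o.scope !== undefined && !/^\S+( \S+)*$/.test(o.scope)) {
    problems.push("scope is not a single-space-separated list");
  }
  return problems;
}
```

This only catches malformed requests before they are sent. It does not replace the cryptographic verification and replay protection of subject_token that the Security notes require in the Auth0 Action.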