Interface CustomTokenExchangeOptions

Actor token for delegation/impersonation scenarios (RFC 8693). Represents the identity of the acting party.

If provided, actorTokenType is required.

Actor token type URI (required if actorToken is provided).

Additional custom parameters passed to the token endpoint. Accessible in Auth0 Action via event.request.body.

Use this for custom parameters instead of index signature to avoid TypeScript issues.

The unique identifier of the target API.

Organization ID or name for multi-tenant scenarios. The organization ID will be present in the resulting access token claims.

Space-delimited OAuth 2.0 scopes.

Note: These scopes are merged with SDK default scopes (openid profile email offline_access). Duplicates are removed.

The external token being exchanged. This will be validated by your Auth0 Action with the Custom Token Exchange trigger.

Validation: Must be a non-empty string.

Custom URI identifying the token type.

Validation Rules:

• Must be 10-100 characters
• Must be a valid URI (URL or URN format)

Note: Reserved namespaces are validated by Auth0 when creating CTE profiles.