@auth0/nextjs-auth0 - v4.21.0
    Preparing search index...

    Type Alias AccessTokenOptions

    Options for fetching an access token.

    Important for Multi-API Applications: When your application calls multiple APIs with different audiences, you must specify the audience parameter to ensure the correct access token is retrieved. Without specifying the audience, the default access token from the session will be used, which may be intended for a different API.

    // Single API - no audience needed (uses session token)
    const token = await getAccessToken();

    // Multi-API - specify audience for correct token
    const profileToken = await getAccessToken({
      audience: 'https://profile-api.example.com'
    });
    const ordersToken = await getAccessToken({
      audience: 'https://orders-api.example.com'
    });

    // Custom route - useful for multi-tenant applications
    const token = await getAccessToken({
      route: '/tenant-a/auth/access-token'
    });
    type AccessTokenOptions = {
        audience?: string;
        includeFullResponse?: boolean;
        mergeScopes?: boolean;
        route?: string;
        scope?: string;
    }
    Index

    Properties

    audience? includeFullResponse? mergeScopes? route? scope?

    Properties

    audience?: string

    The unique identifier of the target API. This should match the API identifier configured in Auth0.

    Critical for Multi-API Applications: If your application calls multiple APIs, you must specify this parameter to ensure the correct access token is used for each API. Each API requires its own access token with the appropriate audience.

    Configuration Requirement: When using audience or scope, ensure that the audiences and scopes are part of your Auth0 Application's Refresh Token Policies. This requires configuring Multi-Resource Refresh Tokens (MRRT) in your Auth0 Application settings.

    https://auth0.com/docs/secure/tokens/refresh-tokens/multi-resource-refresh-token - Multi-Resource Refresh Tokens documentation

    'https://api.example.com'

    'https://orders-api.mycompany.com'
    includeFullResponse?: boolean

    When true, returns the full response from the /auth/access-token endpoint instead of only the access token string.

    false
    mergeScopes?: boolean

    Control scope merging behavior for token cache lookups.

    When true (default): merges globally configured scopes with the requested scope before looking up cached tokens. This is the standard behavior for the default audience.

    When false: uses ONLY the explicitly requested scope for cache lookup, without merging global defaults. This is necessary when retrieving tokens for non-default audiences (e.g., step-up MFA tokens) where the cached token was stored with a specific scope that differs from global defaults.

    true

    // Retrieve a step-up token cached with exact scope (no global merge)
    const token = await getAccessToken({
      audience: 'https://api.example.com',
      scope: 'read:sensitive',
      mergeScopes: false
    });
    route?: string

    Custom route for the access token endpoint. Useful for multi-tenant applications where different tenants require different route configurations. If not specified, falls back to the NEXT_PUBLIC_ACCESS_TOKEN_ROUTE environment variable or "/auth/access-token".

    '/tenant-a/auth/access-token'
    scope?: string

    Additional scopes to request beyond those granted during login. Requires the Auth0 Application to be configured for Multi-Resource Refresh Tokens (MRRT).

    'read:profile write:profile'

    Settings

    Member Visibility

    On This Page

    Properties