You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Enable delegation scenarios where one service acts on behalf of a user.
67
+
Enable delegation scenarios where one party acts on behalf of a user. The acting party is supplied via `actor_token`, and Auth0 records it in the [`act` claim](https://datatracker.ietf.org/doc/html/rfc8693#section-4.1) on the issued tokens.
# The actor claim is surfaced on the response. It may nest for delegation chains.
82
+
if response.act:
83
+
print(f"Acting party: {response.act['sub']}")
80
84
```
81
85
86
+
When you establish a session with `login_with_custom_token_exchange()`, the `act` claim is persisted on the session user and can be read back later via `get_user()`:
87
+
88
+
```python
89
+
result =await auth0.login_with_custom_token_exchange(
> **NOTE**: When an `actor_token` is present, Auth0 does not issue a refresh token (the `offline_access` scope is dropped). A subsequent refresh-token grant therefore cannot re-emit the `act` claim, so the acting party is fixed at exchange time.
105
+
82
106
## 4. Custom Authorization Parameters
83
107
84
108
Pass additional parameters to the token endpoint.
@@ -133,6 +157,7 @@ except CustomTokenExchangeError as e:
133
157
134
158
-`INVALID_TOKEN_FORMAT`: Token is empty, whitespace-only, or has "Bearer " prefix
135
159
-`MISSING_ACTOR_TOKEN_TYPE`: `actor_token` provided without `actor_token_type`
160
+
-`MISSING_ACTOR_TOKEN`: `actor_token_type` provided without `actor_token`
136
161
-`TOKEN_EXCHANGE_FAILED`: General token exchange failure
137
162
-`INVALID_RESPONSE`: Auth0 returned a non-JSON response
0 commit comments