Skip to main content

Documentation Index

Fetch the complete documentation index at: https://auth0.com/llms.txt

Use this file to discover all available pages before exploring further.

The API object for the credentials-exchange Actions trigger includes:

api.access

Control availability to the access token.

api.access.deny(code, reason)

Mark the current token exchange as denied.
code
string
The protocol-specific error code justifying the rejection of the login.Allowed values: invalid_scope, invalid_request, server_error
reason
string
optional
A human-readable explanation for rejecting the access token grant.

api.accessToken

Request changes to the access token being issued.

api.accessToken.setCustomClaim(key, value)

Set a custom claim on the Access Token that will be issued.
key
string
Name of the claim (note that this may need to be a fully-qualified url).
value
unknown
The value of the claim.

api.cache

Make changes to the cache.

api.cache.delete(key)

Delete a record describing a cached value at the supplied key if it exists.
key
string
The key of the cache record to delete.

api.cache.get(key)

Retrieve a record describing a cached value at the supplied key, if it exists. If a record is found, the cached value can be found at the value property of the returned object.
key
string
The key of the record stored in the cache.

api.cache.set(key, value, options)

Store or update a string value in the cache at the specified key. Values stored in this cache are scoped to the Trigger in which they are set. They are subject to the Actions Cache Limits. Values stored in this way will have lifetimes of up to the specified ttl or expires_at values. If no lifetime is specified, a default of lifetime of 15 minutes will be used. Lifetimes may not exceed the maximum duration listed at Actions Cache Limits. Important: This cache is designed for short-lived, ephemeral data. Items may not be available in later transactions even if they are within their supplied their lifetime.
key
string
The key of the record to be stored.
value
string
The value of the record to be stored.
options
cachesetoptions
optional
Options for adjusting cache behavior.

api.transaction

[Early Access] Make changes to the transaction.

api.transaction.addTargetScope(scope)

[Early Access] Add a scope to the target scope set. Added scopes are intersected with the client grant after all Actions complete. Scopes not present in the grant are silently dropped from the final access token.
scope
string
The scope to add.
exports.onExecuteCredentialsExchange = async (event, api) => {
  api.transaction.addTargetScope('read:reports');
};

api.transaction.removeTargetScope(scope)

[Early Access] Remove a scope from the target scope set.
scope
string
The scope to remove.
exports.onExecuteCredentialsExchange = async (event, api) => {
  api.transaction.removeTargetScope('admin:full');
};

api.transaction.setTargetScopes(scopes)

[Early Access] Replace the entire target scope set. The new scopes are intersected with the client grant after all Actions complete. Scopes not present in the grant are silently dropped from the final access token.
scopes
array of strings
The new target scope set.
exports.onExecuteCredentialsExchange = async (event, api) => {
  api.transaction.setTargetScopes(['read:users', 'write:users']);
};

api.transaction.clearTargetScopes()

[Early Access] Remove all scopes from the target scope set. 
exports.onExecuteCredentialsExchange = async (event, api) => {
  api.transaction.clearTargetScopes();
};