Credentials Exchange Extensibility PointBeta

The credentials-exchange extensibility point allows you to change the scopes and add custom claims to the Access Tokens issued by the Auth0 API's POST /oauth/token endpoint during runtime.

Please see Client Credentials Flow for more information on the Client Credentials Grant.

Claim types

You can add the following as claims to the issued token:

  • The scope property of the response object;

  • Any properties with namespaced property names:

    • URLs with HTTP or HTTPS schemes
    • URLs with hostnames that aren't,,, or the associated subdomain names

The extensibility point will ignore all other response object properties.

If you need to configure client secrets and access them within Hooks, use context.webtask.secrets.SECRET_NAME.

Next steps

Learn more on how to use the Credentials Exchange Extensibility Point