> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn about the custom-token-exchange Action trigger's event object, which provides contextual information about the trigger execution.

# Actions Triggers: custom-token-exchange - Event Object

The `event` object for the custom-token-exchange Actions trigger provides contextual information about the trigger execution.

## `event.client`

<ResponseField name="event.client" type="dictionary">
  Information about the Client with which this transaction was initiated.

  <Expandable title="client properties" defaultOpen>
    <ResponseField name="client_id" type="string">
      The client id of the application the user is logging in to.
    </ResponseField>

    <ResponseField name="metadata" type="dictionary">
      An object for holding other application properties.
    </ResponseField>

    <ResponseField name="name" type="string">
      The name of the application (as defined in the Dashboard).
    </ResponseField>
  </Expandable>
</ResponseField>

## `event.organization`

<ResponseField name="event.organization" type="dictionary" post={["optional"]}>
  Details about the Organization associated with the current transaction.

  <Expandable title="organization properties" defaultOpen>
    <ResponseField name="id" type="string">
      The Organization identifier.
    </ResponseField>

    <ResponseField name="display_name" type="string">
      The friendly name of the Organization.
    </ResponseField>

    <ResponseField name="metadata" type="dictionary">
      Metadata associated with the Organization.
    </ResponseField>

    <ResponseField name="name" type="string">
      The name of the Organization.
    </ResponseField>
  </Expandable>
</ResponseField>

## `event.request`

<ResponseField name="event.request" type="dictionary">
  Details about the request that initiated the transaction.

  <Expandable title="request properties" defaultOpen>
    <ResponseField name="body" type="dictionary">
      The body of the POST request. This data will only be available during refresh token, Client Credential Exchange flows and PreUserRegistration Action.
    </ResponseField>

    <ResponseField name="geoip" type="dictionary">
      <Expandable title="geoip properties" defaultOpen>
        <ResponseField name="cityName" type="string" post={["optional"]} />

        <ResponseField name="continentCode" type="string" post={["optional"]} />

        <ResponseField name="countryCode" type="string" post={["optional"]} />

        <ResponseField name="countryCode3" type="string" post={["optional"]} />

        <ResponseField name="countryName" type="string" post={["optional"]} />

        <ResponseField name="latitude" type="number" post={["optional"]} />

        <ResponseField name="longitude" type="number" post={["optional"]} />

        <ResponseField name="subdivisionCode" type="string" post={["optional"]} />

        <ResponseField name="subdivisionName" type="string" post={["optional"]} />

        <ResponseField name="timeZone" type="string" post={["optional"]} />
      </Expandable>
    </ResponseField>

    <ResponseField name="hostname" type="string" post={["optional"]}>
      The hostname that is being used for the authentication flow.
    </ResponseField>

    <ResponseField name="ip" type="string">
      The originating IP address of the request.
    </ResponseField>

    <ResponseField name="language" type="string" post={["optional"]}>
      The language requested by the browser.
    </ResponseField>

    <ResponseField name="method" type="string">
      The HTTP method used for the request
    </ResponseField>

    <ResponseField name="user_agent" type="string" post={["optional"]}>
      The value of the `User-Agent` header received when initiating the transaction.
    </ResponseField>
  </Expandable>
</ResponseField>

## `event.resource_server`

<ResponseField name="event.resource_server" type="object">
  Details about the resource server to which the access is being requested.

  <Expandable title="resource_server properties" defaultOpen>
    <ResponseField name="identifier" type="string">
      The identifier of the resource server. For example: `https://your-api.example.com`.
    </ResponseField>
  </Expandable>
</ResponseField>

## `event.secrets`

<ResponseField name="event.secrets" type="secrets">
  Secret values securely associated with this Action.
</ResponseField>

## `event.tenant`

<ResponseField name="event.tenant" type="object">
  Details about the Tenant associated with the current transaction.

  <Expandable title="tenant properties" defaultOpen>
    <ResponseField name="id" type="string">
      The name of the tenant.
    </ResponseField>
  </Expandable>
</ResponseField>

## `event.transaction`

<ResponseField name="event.transaction" type="dictionary">
  Details about the current custom token exchange transaction.

  <Expandable title="transaction properties" defaultOpen>
    <ResponseField name="actor_token" type="string" post={["optional"]}>
      The actor token provided in the token exchange request.
    </ResponseField>

    <ResponseField name="actor_token_type" type="string" post={["optional"]}>
      The type of the actor token provided in the token exchange request.
    </ResponseField>

    <ResponseField name="actor_token_user" type="dictionary" post={["optional"]}>
      The user represented by the actor token. This will only be present if the actor\_token\_type is urn:ietf:params:oauth:token-type:id\_token and the actor token provided in the token exchange request is a valid Auth0 generated ID token.

      <Expandable title="actor_token_user properties" defaultOpen>
        <ResponseField name="app_metadata" type="dictionary">
          Custom fields that store info about a user that influences the user's access, such as support plan, security roles, or access control groups.
        </ResponseField>

        <ResponseField name="created_at" type="string">
          Timestamp indicating when the user profile was first created.
        </ResponseField>

        <ResponseField name="email" type="string" post={["optional"]}>
          (unique) User's email address.
        </ResponseField>

        <ResponseField name="email_verified" type="boolean">
          Indicates whether the user has verified their email address.
        </ResponseField>

        <ResponseField name="family_name" type="string" post={["optional"]}>
          User's family name.
        </ResponseField>

        <ResponseField name="given_name" type="string" post={["optional"]}>
          User's given name.
        </ResponseField>

        <ResponseField name="last_password_reset" type="string" post={["optional"]}>
          Timestamp indicating the last time the user's password was reset/changed. At user creation, this field does not exist. This property is only available for Database connections.
        </ResponseField>

        <ResponseField name="name" type="string" post={["optional"]}>
          User's full name.
        </ResponseField>

        <ResponseField name="nickname" type="string" post={["optional"]}>
          User's nickname.
        </ResponseField>

        <ResponseField name="phone_number" type="string" post={["optional"]}>
          User's phone number.
        </ResponseField>

        <ResponseField name="phone_verified" type="boolean" post={["optional"]}>
          Indicates whether the user has verified their phone number.
        </ResponseField>

        <ResponseField name="picture" type="string" post={["optional"]}>
          URL pointing to the [user's profile picture](https://auth0.com/docs/users/change-user-picture).
        </ResponseField>

        <ResponseField name="updated_at" type="string">
          Timestamp indicating when the user's profile was last updated/modified.
        </ResponseField>

        <ResponseField name="user_id" type="string">
          (unique) User's unique identifier.
        </ResponseField>

        <ResponseField name="user_metadata" type="dictionary">
          Custom fields that store info about a user that does not impact what they can or cannot access, such as work address, home address, or user preferences.
        </ResponseField>

        <ResponseField name="username" type="string" post={["optional"]}>
          (unique) User's username.
        </ResponseField>

        <ResponseField name="enrolledFactors" type="array of objects" post={["optional"]}>
          An array of authentication factors that the user has enrolled.

          <Expandable title="enrolledFactors properties">
            <ResponseField name="type" type="string">
              The type of authentication factor such as `push-notification`, `phone`, `email`, `otp`, `webauthn-roaming` and `webauthn-platform`.
            </ResponseField>

            <ResponseField name="options" type="dictionary" post={["optional"]}>
              Additional options describing this instance of the enrolled factor.
            </ResponseField>
          </Expandable>
        </ResponseField>

        <ResponseField name="multifactor" type="array of strings" post={["optional"]}>
          List of multi-factor authentication (MFA) providers with which the user is enrolled. This array is updated when the user enrolls in MFA and when an administrator resets a user's MFA enrollments.
        </ResponseField>

        <ResponseField name="identities" type="array of objects">
          Contains info retrieved from the identity provider with which the user originally authenticates. Users may also link their profile to multiple identity providers; those identities will then also appear in this array. The contents of an individual identity provider object varies by provider.

          <Expandable title="identities element properties">
            <ResponseField name="connection" type="string" post={["optional"]}>
              Name of the Auth0 connection used to authenticate the user.
            </ResponseField>

            <ResponseField name="isSocial" type="boolean" post={["optional"]}>
              Indicates whether the connection is a social one.
            </ResponseField>

            <ResponseField name="profileData" type="dictionary" post={["optional"]}>
              User information associated with the connection. When profiles are linked, it is populated with the associated user info for secondary accounts.
            </ResponseField>

            <ResponseField name="provider" type="string" post={["optional"]}>
              Name of the entity that is authenticating the user, such as Facebook, Google, SAML, or your own provider.
            </ResponseField>

            <ResponseField name="user_id" type="string" post={["optional"]}>
              User's unique identifier for this connection/provider.
            </ResponseField>
          </Expandable>
        </ResponseField>
      </Expandable>
    </ResponseField>

    <ResponseField name="requested_scopes" type="array of strings">
      The scopes requested (if any) provided in the token exchange request.
    </ResponseField>

    <ResponseField name="requested_token_type" type="string">
      The type of token to be generated by Auth0. For example: urn:ietf:params:oauth:token-type:access\_token.
    </ResponseField>

    <ResponseField name="subject_token" type="string">
      The subject token provided in the token exchange request.
    </ResponseField>

    <ResponseField name="subject_token_type" type="string">
      The subject\_token\_type provided in the token exchange request.
    </ResponseField>
  </Expandable>
</ResponseField>