I’m trying to find the official Auth0 documentation on token exchange: when an API receives an access token from a frontend application with audience A and scope X, and needs to call a downstream API that requires a different audience or scope while still propagating user identification, what does Auth0 offer for that?
Does Auth0 offer a way to exchange this access token for another one with either audience B or scope Y? This is known as token exchange. How does this compare to Delegation Token?
Auth0 does not currently support the token exchange grant type. All supported grant types are listed here. It looks like there’s an existing feedback request for token exchange, so I definitely encourage input there!
You might want to take a look at using a single logical API, although this does not address the need for additional scopes. Silent auth could prove useful as well.