Dry-run: erp_user_1

Assertion built and signed — no Auth0 call made.

ERP usererp_user_1
Vessel uservessel_user_a
vessel_user_idauth0|69DCF6A2978FFFF6332F75F0
erp_sessionerp-sess-c765640f-a764-43b0-a878-ac46d5e1cb8f

Assertion payload

{
  "iss": "https://erp-dev.vesselman.com",
  "aud": "urn:vesselman:token-exchange",
  "iat": 1781261789,
  "exp": 1781261849,
  "jti": "8c7d2a70-b8fd-464d-8311-1841d52c295a",
  "vessel_user_id": "auth0|69DCF6A2978FFFF6332F75F0",
  "erp_user": "erp_user_1",
  "erp_session": "erp-sess-c765640f-a764-43b0-a878-ac46d5e1cb8f"
}

Assertion (subject_token)

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik05cTh6a3FjR19tZW1WMTduczFIU3lyRlVlbndIWFh5emdKaFlOVW56VjQifQ.eyJpc3MiOiJodHRwczovL2VycC1kZXYudmVzc2VsbWFuLmNvbSIsImF1ZCI6InVybjp2ZXNzZWxtYW46dG9rZW4tZXhjaGFuZ2UiLCJpYXQiOjE3ODEyNjE3ODksImV4cCI6MTc4MTI2MTg0OSwianRpIjoiOGM3ZDJhNzAtYjhmZC00NjRkLTgzMTEtMTg0MWQ1MmMyOTVhIiwidmVzc2VsX3VzZXJfaWQiOiJhdXRoMHw2OURDRjZBMjk3OEZGRkY2MzMyRjc1RjAiLCJlcnBfdXNlciI6ImVycF91c2VyXzEiLCJlcnBfc2Vzc2lvbiI6ImVycC1zZXNzLWM3NjU2NDBmLWE3NjQtNDNiMC1hODc4LWFjNDZkNWUxY2I4ZiJ9.is3IwK6-SAbsEemhajd9xYAVBFZaVKr6TV9DtJtxnI3AjYIrk-xZQxADJO6BpUbHJr5m50M4Hlv1tRjGYtpPrxW6NPQyvJWLep6c2JHkACp-qIyxHgqDzTQGZnnKaEiGaHm1Q3Y9L4VFs-F4yatKEdawOhGkI6SJKZbqG259ZyynH-hKzSSgQsex7IXXMt8ogrhu1VAHltr-144BR34YHM8v7osWkrvpo1hj0pYppzgGcezXxEh2hqEamNaQdSxnWOB33CRmihHRi93h5dwN9zhdi_Qt0e8oqhLkUH_PI1woUamPbFJyHS8rp7nd75jBpD7H-ltjpB3TUalWngVLTQ

Equivalent BFF exchange (curl)

curl -X POST https://marcura-dev.eu.auth0.com/oauth/token \
  -d grant_type=urn:ietf:params:oauth:grant-type:token-exchange \
  -d subject_token_type=urn:vesselman:erp-assertion \
  -d "subject_token=<assertion above>" \
  -d client_id=Z5qO6B52BWN1UZ8DIZFvEIBaemoacD1Y \
  -d client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
  -d "client_assertion=<private_key_jwt signed by the BFF key>" \
  -d "scope=openid profile email"

← ERP test client home