Dry-run: erp_user_4

Assertion built and signed — no Auth0 call made.

ERP usererp_user_4
Vessel uservessel_user_b
vessel_user_idAUTH0|6A21582266777B8516430BC2
erp_sessionerp-sess-a635183f-d5ce-4459-983e-be5208635a47

Assertion payload

{
  "iss": "https://erp-dev.vesselman.com",
  "aud": "urn:vesselman:token-exchange",
  "iat": 1781261561,
  "exp": 1781261621,
  "jti": "346d1fe6-062d-485a-a769-646f2a7d4b56",
  "vessel_user_id": "AUTH0|6A21582266777B8516430BC2",
  "erp_user": "erp_user_4",
  "erp_session": "erp-sess-a635183f-d5ce-4459-983e-be5208635a47"
}

Assertion (subject_token)

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6Ik05cTh6a3FjR19tZW1WMTduczFIU3lyRlVlbndIWFh5emdKaFlOVW56VjQifQ.eyJpc3MiOiJodHRwczovL2VycC1kZXYudmVzc2VsbWFuLmNvbSIsImF1ZCI6InVybjp2ZXNzZWxtYW46dG9rZW4tZXhjaGFuZ2UiLCJpYXQiOjE3ODEyNjE1NjEsImV4cCI6MTc4MTI2MTYyMSwianRpIjoiMzQ2ZDFmZTYtMDYyZC00ODVhLWE3NjktNjQ2ZjJhN2Q0YjU2IiwidmVzc2VsX3VzZXJfaWQiOiJBVVRIMHw2QTIxNTgyMjY2Nzc3Qjg1MTY0MzBCQzIiLCJlcnBfdXNlciI6ImVycF91c2VyXzQiLCJlcnBfc2Vzc2lvbiI6ImVycC1zZXNzLWE2MzUxODNmLWQ1Y2UtNDQ1OS05ODNlLWJlNTIwODYzNWE0NyJ9.MBH92ZWgiUrfKRNtnEfTQrfCnMO9ktpi-yrcDvnIqYer2e20b7Qwe1NiZWBGIQiXYowboW00Fy0g5waFLsuuwZbQBV26eI405uK9r0GQ8gasHD4Y_ZhZJeGCA9mlUFXOYUP0knSIg82_0FUjf41e077eElxddKrE150Ddpd5sMGR7wZ1G5ecLpo9sCe0z2ZV4P-3X5o88k_oigz0as4tibZ1Nj-3kMv_yLrc5WsRGTdJjWq0F5kG6krhr9x5p_voA2mRf2b2z7q9lX1G5KTOHyWzIvAPU1212ov1Nr-Ip5ZVei30W1_f44WOuS_rgvVkqAIvxHpcDL7RFtFWg5T0pg

Equivalent BFF exchange (curl)

curl -X POST https://marcura-dev.eu.auth0.com/oauth/token \
  -d grant_type=urn:ietf:params:oauth:grant-type:token-exchange \
  -d subject_token_type=urn:vesselman:erp-assertion \
  -d "subject_token=<assertion above>" \
  -d client_id=Z5qO6B52BWN1UZ8DIZFvEIBaemoacD1Y \
  -d client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer \
  -d "client_assertion=<private_key_jwt signed by the BFF key>" \
  -d "scope=openid profile email"

← ERP test client home