> Learn how to configure an access token profile for your API.

# Configure Access Token Profile

export const AuthCodeBlock = ({filename, icon, language, highlight, children}) => {
  const [displayText, setDisplayText] = useState(children);
  const [copyText, setCopyText] = useState(children);
  const wrapperRef = React.useRef(null);
  useEffect(() => {
    let unsubscribe = null;
    function init() {
      if (!window.autorun || !window.rootStore) {
        return;
      }
      unsubscribe = window.autorun(() => {
        let processedChildrenForDisplay = children;
        let processedChildrenForCopy = children;
        for (const [key, value] of window.rootStore.variableStore.values.entries()) {
          const escapedKey = key.replaceAll(/[.*+?^${}()|[\]\\]/g, (String.raw)`\$&`);
          let displayValue = value;
          if (key === "{yourClientSecret}" && value !== "{yourClientSecret}") {
            displayValue = value.substring(0, 3) + "*****MASKED*****";
          }
          processedChildrenForDisplay = processedChildrenForDisplay.replaceAll(new RegExp(escapedKey, "g"), displayValue);
          processedChildrenForCopy = processedChildrenForCopy.replaceAll(new RegExp(escapedKey, "g"), value);
        }
        setDisplayText(processedChildrenForDisplay);
        setCopyText(processedChildrenForCopy);
      });
    }
    if (window.rootStore) {
      init();
    } else {
      window.addEventListener("adu:storeReady", init);
    }
    return () => {
      window.removeEventListener("adu:storeReady", init);
      unsubscribe?.();
    };
  }, [children]);
  useEffect(() => {
    if (!wrapperRef.current) return;
    const originalWriteText = navigator.clipboard.writeText.bind(navigator.clipboard);
    let isOverriding = false;
    const handleClick = e => {
      const button = e.target.closest('[data-testid="copy-code-button"]');
      if (!button || !wrapperRef.current.contains(button)) return;
      isOverriding = true;
      navigator.clipboard.writeText = text => {
        if (isOverriding) {
          isOverriding = false;
          navigator.clipboard.writeText = originalWriteText;
          return originalWriteText(copyText);
        }
        return originalWriteText(text);
      };
      setTimeout(() => {
        if (isOverriding) {
          isOverriding = false;
          navigator.clipboard.writeText = originalWriteText;
        }
      }, 100);
    };
    const wrapper = wrapperRef.current;
    wrapper.addEventListener('click', handleClick, true);
    return () => {
      wrapper.removeEventListener('click', handleClick, true);
      if (navigator.clipboard.writeText !== originalWriteText) {
        navigator.clipboard.writeText = originalWriteText;
      }
    };
  }, [copyText]);
  return <div ref={wrapperRef}>
      <CodeBlock filename={filename} icon={icon} language={language} lines highlight={highlight}>
        {displayText}
      </CodeBlock>
    </div>;
};

export const codeExample = `curl --request PATCH \\
  --url 'https://{yourDomain}/api/v2/resource-servers/API_ID' \\
  --header 'authorization: Bearer MGMT_API_ACCESS_TOKEN' \\
  --header 'content-type: application/json' \\
  --data '{"token_dialect": "TOKEN_DIALECT" }'
`;

You can choose which <Tooltip tip="Access Token: Authorization credential, in the form of an opaque string or JWT, used to access an API." cta="View Glossary" href="/docs/glossary?term=access+token">access token</Tooltip> profile to use for your APIs: the Auth0 token profile or the RFC 9068 token profile. The access token profile you configure determines the format of the access tokens issued for the API.

By default, Auth0 issues access tokens using the Auth0 token profile. The Auth0 token profile issues access tokens that are formatted as [JSON Web Tokens (JWTs)](/docs/secure/tokens/json-web-tokens), which contain information about an entity in the form of claims.

Auth0 also supports the RFC 9068 token profile. The RFC 9068 token profile issues access tokens formatted as <Tooltip tip="JSON Web Token (JWT): Standard ID Token format (and often Access Token format) used to represent claims securely between two parties." cta="View Glossary" href="/docs/glossary?term=JWTs">JWTs</Tooltip> following the [IETF JWT Profile for OAuth 2.0 Access Tokens (RFC 9068)](https://datatracker.ietf.org/doc/html/rfc9068). To learn more about the differences between these token profiles, read [Access Token Profiles](/docs/secure/tokens/access-tokens/access-token-profiles).

When you [register an API](/docs/get-started/auth0-overview/set-up-apis), you can select the access token profile in the <Tooltip tip="Auth0 Dashboard: Auth0's main product to configure your services." cta="View Glossary" href="/docs/glossary?term=Auth0+Dashboard">Auth0 Dashboard</Tooltip>. After you’ve registered the API, you can change the access token profile at any time using either the [Management API](https://auth0.com/docs/api/management/v2) or the [Auth0 Dashboard](https://manage.auth0.com/).

## Configure access token profile for an API

<Tabs>
  <Tab title="Auth0 Dashboard">
    1. Go to [Dashboard > Applications > APIs](https://manage.auth0.com/#/apis) and click the name of the API to view.

    2. Scroll to **Access Token Settings** and select the access token profile under **JSON Web Token (JWT) Profile**. The selected profile determines the format and claims of access tokens issued for the API. The supported values are `Auth0` and `RFC 9068`. To learn more about the differences between the two profiles, read [Access Token Profiles](/docs/secure/tokens/access-tokens/access-token-profiles).

    3. Click **Save**.
  </Tab>

  <Tab title="Management API">
    When using the Management API, we refer to access token profiles as token dialects. To configure your access token profile, set the `token_dialect` parameter for an API using the Management API.

    The following code sample makes a PATCH request to the [Update a resource server endpoint](https://auth0.com/docs/api/management/v2/resource-servers/patch-resource-servers-by-id):

    <AuthCodeBlock children={codeExample} language="bash" />

    Replace the `API_ID`, `MGMT_API_ACCESS_TOKEN`, and `TOKEN_DIALECT` placeholders with their respective values, as described in the following table:

    | Parameter               | Description                                                                                                                      |
    | ----------------------- | -------------------------------------------------------------------------------------------------------------------------------- |
    | `API_ID`                | ID of the API for which you want to update the token dialect.                                                                    |
    | `MGMT_API_ACCESS_TOKEN` | [Access Token for the Management API](https://auth0.com/docs/api/management/v2/tokens) with the scope `update:resource_servers`. |
    | `TOKEN_DIALECT`         | Dialect of the access token for the specified API. To learn more, read [Token dialect options](#token-dialect-options).          |

    #### Token dialect options

    Auth0 supports the following token dialects:

    | Value                   | Description                                                                                                                                                                                                                                                                                           |
    | ----------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
    | `access_token`          | The default Auth0 token profile generates an access token formatted as a JSON Web Token (JWT). To learn more, read [Access Token Profiles](/docs/secure/tokens/access-tokens/access-token-profiles).                                                                                                  |
    | `access_token_authz`    | The default Auth0 token profile (`access_token`) with the `permissions` claim. To learn more about RBAC permissions, read [Enable Role-Based Access Control for APIs](/docs/get-started/apis/enable-role-based-access-control-for-apis).                                                              |
    | `rfc9068_profile`       | The RFC 9068 token profile generates an access token formatted as a JWT following the [IETF JWT Profile for OAuth 2.0 Access Tokens (RFC 9068)](https://datatracker.ietf.org/doc/html/rfc9068). To learn more, read [Access Token Profiles](/docs/secure/tokens/access-tokens/access-token-profiles). |
    | `rfc9068_profile_authz` | The RFC 9068 profile (`rfc9068_profile`) with the `permissions` claim. To learn more about RBAC permissions, read [Enable Role-Based Access Control for APIs](/docs/get-started/apis/enable-role-based-access-control-for-apis).                                                                      |
  </Tab>
</Tabs>
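
A post-change check, as an added example that is not part of Auth0's documentation or code: after setting `token_dialect`, inspect a freshly issued token and confirm it matches the configured dialect. The `typ` values and the required claim list come from RFC 9068 (sections 2.1 and 2.2) rather than from this page; `profile_findings`, `make_sample` and the sample tokens are hypothetical names and constructed data.

```python
import base64
import json

# RFC 9068 section 2.2: claims every conforming access token must carry.
RFC9068_REQUIRED = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti")
# token_dialect values listed in the table on this page.
DIALECTS = ("access_token", "access_token_authz", "rfc9068_profile", "rfc9068_profile_authz")

def _decode(segment):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    value = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    if not isinstance(value, dict):
        raise ValueError("segment is not a JSON object")
    return value

def profile_findings(token, token_dialect):
    """List mismatches between a token and the configured token_dialect.
    Inspection only: the signature is NOT verified, so never authorize on this."""
    if token_dialect not in DIALECTS:
        raise ValueError(f"unknown token_dialect: {token_dialect!r}")
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part compact JWT"]
    try:
        header, claims = _decode(parts[0]), _decode(parts[1])
    except ValueError:  # bad base64, bad UTF-8 and bad JSON all derive from it
        return ["header or payload is not a base64url JSON object"]
    findings = []
    if token_dialect.startswith("rfc9068_profile"):
        # RFC 9068 section 2.1: typ is "at+jwt" or "application/at+jwt".
        if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
            findings.append(f"typ is {header.get('typ')!r}, expected 'at+jwt'")
        findings += [f"missing claim {c}" for c in RFC9068_REQUIRED if c not in claims]
    if token_dialect.endswith("_authz") and "permissions" not in claims:
        findings.append("missing claim permissions")
    return findings

def make_sample(header, claims):
    """Build an unsigned, constructed sample token (demo input only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.constructed-signature"

# Constructed samples, not real Auth0 output.
BASE = {"iss": "https://tenant.example/", "sub": "user|1",
        "aud": "https://api.example", "iat": 1700000000, "exp": 1700003600}
OLD_STYLE = make_sample({"alg": "RS256", "typ": "JWT"}, BASE)
RFC_STYLE = make_sample({"alg": "RS256", "typ": "at+jwt"},
                        {**BASE, "client_id": "client-abc", "jti": "id-1"})
if __name__ == "__main__":
    print(profile_findings(OLD_STYLE, "rfc9068_profile_authz"))
```

An empty list means the token's header and claims are consistent with the dialect; signature, issuer, audience and expiry validation still belong to the API's regular JWT verification.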
