Custom Token Exchange - Delegated Authorization now available in Open Early Access

We're excited to announce that __Custom Token Exchange now supports Delegated Authorization__. This release is available to all __Enterprise, B2B Professional, and B2C Professional customers__. Delegated Authorization covers scenarios where a principal (e.g. a human support agent, a backend service, an AI agent) performs actions in the context of a user. Unlike traditional impersonation where the actor's identity is lost, delegated authorization preserves both identities: the `sub` claim identifies the user being acted for, while a standards-based `act` claim (per [RFC 8693](https://www.rfc-editor.org/rfc/rfc8693.html)) identifies who is actually performing the action. Every token carries a verifiable record of the delegation. With the flexibility to define custom actor semantics and authorization logic via Actions, __customers now have the tools to address emerging access patterns, including agentic AI flows, alongside traditional delegation scenarios__ like support tooling and service-to-service chains. Key __highlights__ of this release: - Actor token parameters: Pass `actor_token` and `actor_token_type` to convey the acting party's credential - `setActor()` Action command: Developers explicitly control when and how delegation `act` claim is included in tokens via the new `setActor()` method - Auth0 ID tokens as actor tokens: Automatic validation when the actor is an Auth0-managed user - Audit trail: Actor identity captured in tenant logs for compliance and traceability - Nesting support: Up to 5 levels of delegation chains for multi-hop service scenarios To learn more, visit the [Custom Token Exchange documentation](https://auth0.com/docs/authenticate/custom-token-exchange).