Skip to content

feat: add session_transfer delegation config support for CTE impersonation#1406

Open
ankita10119 wants to merge 4 commits into
masterfrom
DXCDT-1857
Open

feat: add session_transfer delegation config support for CTE impersonation#1406
ankita10119 wants to merge 4 commits into
masterfrom
DXCDT-1857

Conversation

@ankita10119

@ankita10119 ankita10119 commented Jun 22, 2026

Copy link
Copy Markdown
Contributor

🔧 Changes

Added support for session_transfer.delegation configuration on clients, enabling the Custom Token Exchange Impersonation via Session Transfer feature (Phase 2).

New optional properties under session_transfer.delegation:

  • allow_delegated_access (boolean) — allows clients to accept Session Transfer Tokens that contain an Actor, enabling impersonated SSO sessions
  • enforce_device_binding (string: "ip" | "asn") — enforces device binding for impersonation sessions; defaults to "ip" when omitted

📚 References

🔬 Testing

Unit test added in test/tools/auth0/handlers/clients.tests.js: should allow valid session_transfer delegation property in client — verifies the delegation config is
correctly passed through to the Management API on client create.

Manual end-to-end test against a tenant with the Custom Token Exchange Delegation feature flag enabled:

  1. Added session_transfer.delegation.allow_delegated_access: true and enforce_device_binding: ip to a regular_web client config
  2. Ran a0deploy import - Management API accepted the properties and returned 200
  3. Verified the properties were persisted on the client via the Management API

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@ankita10119 ankita10119 requested a review from a team as a code owner June 22, 2026 08:29
@codecov-commenter

codecov-commenter commented Jun 22, 2026
edited
Loading

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.19%. Comparing base (6701e54) to head (26d9eec).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #1406   +/-   ##
=======================================
  Coverage   80.19%   80.19%           
=======================================
  Files         153      153           
  Lines        7119     7119           
  Branches     1573     1573           
=======================================
  Hits         5709     5709           
  Misses        760      760           
  Partials      650      650

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@ankita10119 ankita10119 marked this pull request as draft June 23, 2026 07:07
@ankita10119 ankita10119 marked this pull request as ready for review June 24, 2026 10:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@harshithRai harshithRai harshithRai approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ankita10119 @codecov-commenter @harshithRai