feat: update MCP quickstart for On-Behalf-Of Token Exchange

[lrzhou25]

Summary

Updates the "Call Your API on a User's Behalf" MCP quickstart to reflect the new On-Behalf-Of (OBO) Token Exchange implementation, replacing the previous Custom Token Exchange approach.

Changes

JavaScript Updates (based on auth0-samples PR #79)

• Sample folder: fastmcp-mcp-customtokenexchange-js → fastmcp-mcp-on-behalf-of-tokenexchange-js
• Terminology: "Custom Token Exchange" → "On-Behalf-Of Token Exchange"
• Environment variables:
  • Removed MCP_AUTH0_SUBJECT_TOKEN_TYPE
  • Simplified MCP_AUTH0_EXCHANGE_SCOPE from "openid offline_access read:private" to "read:private"
  • Fixed API_BASE_URL trailing slash
• Token exchange implementation:
  • Function: exchangeCustomToken() → exchangeTokenOnBehalfOf()
  • SDK method: getTokenByExchangeProfile() → getTokenOnBehalfOf()
  • ApiClient uses AUTH0_AUDIENCE instead of API_AUTH0_AUDIENCE
  • Removed subjectTokenType parameter

Python Updates (based on auth0-samples PR #81)

• Sample folder: fastmcp-mcp-customtokenexchange-python → fastmcp-mcp-on-behalf-of-tokenexchange-python
• Terminology: "Custom Token Exchange" → "On-Behalf-Of Token Exchange"
• Token exchange implementation:
  • Function: exchange_custom_token() → exchange_token_on_behalf_of()
  • SDK method: get_token_by_exchange_profile() → get_token_on_behalf_of()
  • ApiClient uses AUTH0_AUDIENCE instead of API_AUTH0_AUDIENCE
  • Removed subject_token_type parameter

Additional Improvements

• Added rate limit note for Auth0 for AI Agents add-on
• Added client grant configuration instructions
• Created OBO token exchange enablement component
• Updated prerequisites with OBO-specific requirements

Files Changed

• mcp/get-started/call-your-apis-on-users-behalf.mdx - Main quickstart page
• snippets/mcp/get-started/call-your-apis/create-env-file.mdx - Environment setup
• snippets/mcp/get-started/call-your-apis/exchange-access-token-js.mdx - JavaScript explanation
• snippets/mcp/get-started/call-your-apis/exchange-access-token-python.mdx - Python explanation
• snippets/mcp/get-started/pre-reqs/enable-obo-token-exchange.mdx - New OBO enablement component
• snippets/mcp/get-started/pre-reqs/prerequisites.mdx - Updated prerequisites

Testing

• Verify JavaScript quickstart instructions work with new sample code
• Verify Python quickstart instructions work with new sample code
• Verify all code snippets are accurate
• Verify links to sample repos are correct
• Test OBO token exchange flow end-to-end

🤖 Generated with Claude Code

[github-actions]

Summary

Status	Count
🔍 Total	6
✅ Successful	2
⏳ Timeouts	0
🔀 Redirected	1
👻 Excluded	3
❓ Unknown	0
🚫 Errors	0
⛔ Unsupported	0

Redirects per input

Redirects in auth4genai/mcp/get-started/call-your-apis-on-users-behalf.mdx

• [200] https://auth0.com/ai/docs | Redirect: Followed 1 redirect resolving to the final status of: OK. Redirects: https://auth0.com/ai/docs --> https://auth0.com/ai/docs/intro/overview
  Full Github Actions output

[mintlify]

Preview deployment for your docs. Learn more about Mintlify Previews.

Project	Status	Preview	Updated (UTC)
auth0-genai	🟢 Ready	View Preview	Apr 27, 2026, 9:44 PM

💡 Tip: Enable Workflows to automatically generate PRs for you.

[priley86]

approved changes from this side, but please do defer until these quickstarts are merged. ty so much for this update @lrzhou25 ! 🙇