How do I get a rule to run when a client (not user) logs in?

What I’m trying to do: include client_metadata in the token payload when a client (not a user) logs in.

I’m under the impression that to do this, I have to upload a rule (written in javascript), which will then copy the required fields from client.client_metadatato context.idToken.

The rule runs when a user logs in, but not when a client logs in. (I know this because the first line of my function calls console.log(); I am using the Real-time Webtask Logs extension to view the logging output.)

function (client, context, callback) {
  console.log("include Onzo ClientId in token payload");
  var clientId = (client.client_metadata || {}).clientId;
  if ('undefined' !== typeof clientId) {
    console.log("setting clientId", clientId);
    context.idToken"http://onzo.com/clientId"] = parseInt(clientId, 10);
  } else {
    console.log("not setting clientId");
  }
  callback(null, client, context);
}

(I’ve been using the /oauth/token endpoint to login, with "grant_type": "client_credentials".)

How do I get a rule to run when a client logs in?

(More context: Our customers need to be able to configure their servers to authenticate to our API without human intervention.)

I suggest using Hooks instead. Hooks support the Client Credentials Exchange extensibility point:

The Hook will also have access to the client.metadata object, as outlined in the starter code.