Greetings,
The case is that I want to enrich an access token with custom claims, pulled out of an Auth0-protected API (M2M app authorized for the same Auth0 tenant). The way I initially went about this was to create a client credentials exchange hook, hoping to catch the access_token in the context parameter of the hook function, and use it to query the external API and add the claim. This didn’t work though, as the context does not contain the access_token. I found several topics on implementing the same behavior using rules, but no solution discoverable yet. I went through the documentation of the rules, and found several suggestions which do not fit my need. Those include making a connection to the database in the rule itself and querying it for the claim. The other one suggested authenticating with the external API using a secret string, stored in configuration. Both of these approaches seem unreliable to me. One of the topics mentioned using a ‘node request example you can copy into the rule’, for which I could not find more info at this point.
Does anyone have any ideas on best practices for solving this?