Hi @subee.admin
Thanks for getting in touch with us here at Auth0 Community!
The M2M Action is based on the Client Credentials flow where a client id and client secret is used to authenticate the M2M application (typical for services running on the backend) and as a result there is no user authentication involved so the user property of the event object is out of scope, please see https://auth0.com/docs/authorization/flows/client-credentials-flow
If you have a Native app I expect you will be using something like Authorization Code Flow with Proof Key for Code Exchange (PKCE) https://auth0.com/docs/authorization/flows/authorization-code-flow-with-proof-key-for-code-exchange-pkce when you authorise with this flow you will receive an ID Token and Access Token, you can use the Access Token received here for access to your API and maybe add your custom claims to the Token at this point https://auth0.com/docs/security/tokens/access-tokens
I’m not sure what SDK you’re using but I would review the documentation to check how to do this https://auth0.com/docs/libraries e.g. if you were using React Native you might do the following to get an ID Token and an Access Token.
auth0
.webAuth
.authorize({scope: 'openid profile email'})
.then(credentials =>
// Successfully authenticated
// Store the accessToken
this.setState({ accessToken: credentials.accessToken })
)
.catch(error => console.log(error));
Unless your use case is different, if so, please let us know what your use case is and how the M2M application fits into the picture.
Many thanks.