Hi,
We are trying to pass some data in the form body when calling the “/oauth/token” endpoint during the m2m authentication using client client credential flow.
payload
custom data added : .xyz Domain Names | Join Generation XYZ
grant_type=client_credentials
client_id=xx
client_secret=xxx
audience=xxx
http://xyz.com/temp=User_3123 (Custom data in payload)
Now, when making the call we have a hook that is currently able to find the custom payload data and performs some operation. Below is the Auth0 hook where we access the key and add it to the token.
Auth0 hook
module.exports = function(client, scope, audience, context, cb) {
var access_token = {};
access_token.scope = scope;
// Operation after retrieving custom payload
const key = "http://xyz.com/temp";
if (context.body[key]) {
access_token[key] = context.body[key];
}
else{
access_token[key] = {}
}
cb(null, access_token);
};
This approach works but when I try to use a normal string as custom payload instead of using a URL. I cannot access the custom data in Auth0 hooks anymore.
ex:
custom data added : a_general_key=User_3123
grant_type=client_credentials
client_id=xx
client_secret=xxx
audience=xxx
a_general_key=User_3123 (Custom data in payload)
Now the documentations are not very clear regarding this but it would be nice we could get a clear why this works in some cases and not in others.
Here are the doubts/questions we have:
- Why custom data can be added and seen inside auth0 hook when the key is in URL form instead of a string?
.xyz Domain Names | Join Generation XYZ vs a_general_key=User_3123 - Is there a way we can send some custom data while doing m2m auth using client credentials flow and access it through Auth0 hook?
like a additional parameter, header or key in form body.
Thank you