To manage Hook objects via the Webtask API, it seems like one needs to get a JWT via oauth2 using a particular Sandbox endpoint, e.g. https://sandbox.auth0-extend.com/api/description (visit that url in your browser, and notice the client_id)
This seems possible using oauth2 flows with a human present, like a browser-based code (which is what the
wt cli does), but for a machine-to-machine interaction, we would need to use a
client_credentials grant. That requires the client secret paired with the client id from the /api/description URL above.
Since those clients are all controlled by auth0/webtask/extend, it looks like we can’t use a
client_credentials grant in order to manage Hook objects. Having this ability would be nice, because we want to deploy our Hook scripts across different environments in an automated fashion.
Thanks for reading.