I am pretty much new to Auth0. I am building an API in nest.js that is secured by Auth0. So if a user has a valid access token, it can access the API.
I need to expose the API to third-party applications, which will have a sort of API key to access my API.
I tried machine-2-machine authentication. So far, I am not able to achieve what I need.
Here’s what I’ve done:
Created a “Machine to Machine” application.
Granted it the permission to Auth0 API.
I can retrieve an access token
Now, I don’t know how I can get the application name in the JWT token.
Overall, I can manage permissions to each application dedicated to third-party applications, but in my API, I need to check the client’s name for further validation.
What I’m trying to achieve:
Secure my API with Auth0
Expose my API to third-party clients with API keys
Get the client’s details on my API server to check to whom the token belongs
Is it doable with Auth0? Or is there something wrong with my authentication approach?
While not “officially” supported (see this feedback request) - You’re on the right track in terms of what you can achieve with Auth0.
I assume you mean the associated third party app in this case? If so, you might want to look into using an M2M flow action in order to add a custom claim. Taking advantage of app_metadata could work in this use case.
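An added example (not code from this thread or from Auth0) of the approach the reply above describes: an Action on the Machine to Machine (credentials-exchange) trigger that copies the client's name and application metadata into custom claims, plus the check the API would run on an already signature-verified token payload. The claim namespace `https://api.example.com/` and the metadata key `partner_tier` are assumptions.

```javascript
// Added example. NAMESPACE and the metadata key "partner_tier" are hypothetical.
const NAMESPACE = 'https://api.example.com/';

// Action side: copy client details from the event into namespaced
// access-token claims. Returns false when event.client is missing, so no
// claim is set and the API-side check below rejects the token.
function addClientClaims(event, api) {
  const client = event && event.client;
  if (!client || !client.client_id) {
    return false;
  }
  api.accessToken.setCustomClaim(NAMESPACE + 'client_name', client.name);
  const metadata = client.metadata || {};
  if (metadata.partner_tier) {
    api.accessToken.setCustomClaim(NAMESPACE + 'partner_tier', metadata.partner_tier);
  }
  return true;
}

// Entry point Auth0 calls for the credentials-exchange trigger.
const onExecuteCredentialsExchange = async (event, api) => {
  addClientClaims(event, api);
};
if (typeof module !== 'undefined' && module.exports) {
  module.exports.onExecuteCredentialsExchange = onExecuteCredentialsExchange;
}

// API side: map a payload whose signature, issuer and audience were already
// verified to a client identity. For M2M tokens Auth0 sets `gty` to
// "client-credentials", `azp` to the client ID and `sub` to "<client_id>@clients".
function identifyClient(payload, allowedClientIds) {
  if (!payload || payload.gty !== 'client-credentials') return null;
  if (payload.sub !== payload.azp + '@clients') return null;
  // Authorize on the client ID; the name is only a display label.
  if (!allowedClientIds.includes(payload.azp)) return null;
  const name = payload[NAMESPACE + 'client_name'];
  if (typeof name !== 'string' || name.length === 0) return null;
  return {
    clientId: payload.azp,
    name,
    tier: payload[NAMESPACE + 'partner_tier'] || null,
  };
}
```

Keying the allow-list on `azp` rather than on the name claim means renaming an application in the dashboard cannot change what it is allowed to do.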
But event.client is undefined, whereas I have defined application metadata in my application, whose client_id and client_secret I’m using to get the access token. Here is the screenshot of how I have defined it under “Application > My Demo Application > Advanced Settings : Application Metadata”
I don’t know, but actions didn’t work for me; event.client was undefined even though the client has metadata (please refer to my last comment). Anyway, I used hooks and got the client metadata. Here is the code snippet: