Can I use "Rules" to provide extra information inside access tokens when doing M2M flow?

I have a M2M application X associated with an API Y.

When the client service applies for its access token to access API Y I would like to query an external API, through the Rules mechanism, and enrich/add information onto the access token so that this data is available to the API Y being accessed at the moment of decoding the token.

All examples seem to be geared towards Connection type of authentication where a User is present and has logged in. Event the Try with … section only allows to select connections and not M2M applications.

Hi @gerardo.zenobi,

Welcome to the Community!

Rules run after authentication, which means they are user-centric, and not going to be applicable for M2M.

Instead, check out the client credentials hooks:

I think this should do what you are requesting. Please let me know if it doesn’t fit your needs and we can try something else.

Thanks,
Dan

1 Like

I see, thanks for the rapid response :slight_smile:

Given the hook would be created for Client Credentials exchange, naturally this will only apply for M2M type of authentications correct ? Am I missing other scenarios where this flow might be used other than M2M ?

I would have to then create and duplicate the logic in a Rule for User/Connection based authentications (as I want this information enrichment to be applied in both uses cases) is that correct ?

Thanks,

Gerardo

1 Like

That is correct. CC exchange will not affect the user based flows.

Also correct!

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.