Client Credentials Flow for Organisation

Hi.

I’m looking to utilize the client credentials flow for organizations. Is it currently possible to request ‘organization’ scoped tokens using the API?

Equally, is it possible to delegate the generation of these tokens to a member of the organization?

Hi @mattbrown1,

Welcome to the Auth0 Community!

Can you please expand on this use case? Client credentials are typically seen as user-less tokens. Adding them to an organization and delegating them to a user sounds like you want a user’s token. What would be the difference there?

Hey Dan - thanks for your reply.

So I basically just want a token with and org_id parameter generated using the client credentials flow - not sure if this is possible? Of course, as standard with this flow, the client requesting these tokens would be trusted.

I guess this is a two-parter: it would be great to be able to delegate the ability to delegate the ability to do this for a member of an organization for the organization they are in.

Matt

Hi @mattbrown1 - thanks for clarifying. This is not currently possible but we are planning to integrate Organizations & client_credentials in a way similar to what you are describing. It would be helpful to understand your use-case a bit more: what does an organization represent in your product? What are these clients requesting access to?

1 Like

Great to hear.

We have a B2B2C setup where an Auth0 organization is in effect a reseller. They need to be able to provision their own M2M access to our APIs.

Matt

1 Like