Client Credentials Flow for Organisation

Hi.

I’m looking to utilize the client credentials flow for organizations. Is it currently possible to request ‘organization’ scoped tokens using the API?

Equally, is it possible to delegate the generation of these tokens to a member of the organization?

3 Likes

Hi @mattbrown1,

Welcome to the Auth0 Community!

Can you please expand on this use case? Client credentials are typically seen as user-less tokens. Adding them to an organization and delegating them to a user sounds like you want a user’s token. What would be the difference there?

Hey Dan - thanks for your reply.

So I basically just want a token with an org_id parameter generated using the client credentials flow - not sure if this is possible? Of course, as standard with this flow, the client requesting these tokens would be trusted.

I guess this is a two-parter: it would be great to be able to delegate the ability to do this for a member of an organization for the organization they are in.

Matt

Hi @mattbrown1 - thanks for clarifying. This is not currently possible but we are planning to integrate Organizations & client_credentials in a way similar to what you are describing. It would be helpful to understand your use-case a bit more: what does an organization represent in your product? What are these clients requesting access to?

4 Likes

Great to hear.

We have a B2B2C setup where an Auth0 organization is in effect a reseller. They need to be able to provision their own M2M access to our APIs.

Matt

2 Likes

Hi,

I’m trying to authenticate an M2M application with organization + Client credential flow. Is this available now?

1 Like

Hi all, I would also be interested in this feature, essentially the ability to add api-keys to an organization, so that their organization ID would appear in the jwt.

2 Likes

Same here. Hardly needed feature.

1 Like

Please make this happen.

2 Likes

We’re about to migrate all our products from Azure AD to Auth0. This feature is basically required for all our APIs. Is there a roadmap around it?

As a workaround, I’m thinking about adding the org id to the app’s metadata and then to the JWT via an Auth0 action. Any thoughts on that? 🙂
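
The workaround described in the last post, sketched as an added example (not code from this thread or from Auth0): an Action on the M2M credentials-exchange trigger that copies an organization ID from the application's metadata into the access token and refuses to issue a token when the value is missing or malformed. The metadata key `org_id`, the claim namespace `https://example.com/org_id` and the ID pattern are assumptions.

```javascript
// Added example: Auth0 Action for the "credentials-exchange" (M2M) trigger.
// Assumptions: the metadata key "org_id" and the claim namespace are placeholders.
const CLAIM = "https://example.com/org_id"; // hypothetical namespaced claim
const ORG_ID_RE = /^org_[A-Za-z0-9]{1,64}$/; // assumed shape of an organization ID

// Pure decision function: which claim to add, or why to refuse the token.
function resolveOrgClaim(client) {
  const orgId = client && client.metadata ? client.metadata.org_id : undefined;
  if (typeof orgId !== "string" || orgId === "") {
    return { deny: "client has no org_id in its application metadata" };
  }
  if (!ORG_ID_RE.test(orgId)) {
    return { deny: "org_id in application metadata is malformed" };
  }
  return { claim: CLAIM, value: orgId };
}

// Handler invoked before a client-credentials access token is issued.
async function onExecuteCredentialsExchange(event, api) {
  const result = resolveOrgClaim(event.client);
  if (result.deny) {
    // Fail closed: no M2M token is issued without an organization binding.
    api.access.deny("invalid_request", result.deny);
    return;
  }
  // The value comes from tenant-controlled metadata, never from the request.
  api.accessToken.setCustomClaim(result.claim, result.value);
}

// Auth0 Actions load the handler from module exports (guarded so the file
// also loads where `exports` is not defined).
if (typeof exports !== "undefined") {
  exports.onExecuteCredentialsExchange = onExecuteCredentialsExchange;
}
```

The claim is only as trustworthy as the metadata behind it, so the application's metadata should be writable only by your own provisioning backend, not by the organization's members. The receiving API still has to check the claim on every request and treat it as the tenant boundary.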