Client Grants: How can I grant API authorization while generating new M2M so I don't have to authorize it manually?

Hey Community!

I hope everything is going well.

Background:

I have an M2M application that generates new M2Ms for API consumption. The newly created M2M needs to have my API identifier grants.

I am receiving this error:

The client is not authorized to access "API-IDENTIFIER". You need to create a \"client-grant\" associated with this API

  • I know I can manually change it by going to the dashboard.

Question:

How can I grant API authorization while generating new M2M so I don’t have to authorize it manually?

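import axios, { AxiosRequestConfig } from 'axios';

// getAuth0ManagementToken, AUTH0_BASE_URL and Auth0Connection are defined elsewhere in the poster's project.
export const postApiRegistration = async (registrationDetails): Promise<Auth0Connection> => {
    const token = await getAuth0ManagementToken();
    const url = `${AUTH0_BASE_URL}/api/v2/clients`;
    const DATAHUB_API_ID = 'DATAHUB_API_ID';

    const data = JSON.stringify({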
        name: registrationDetails.AppName,
        description: `Auth0 Generic Api registration ${registrationDetails.CustomerCode}`,
        callbacks: [],
        client_aliases: [],
        allowed_clients: [`${DATAHUB_API_ID}`],
        grant_types: ['client_credentials'],
        token_endpoint_auth_method: 'client_secret_post',
        app_type: 'non_interactive',
        is_first_party: true,
        oidc_conformant: false,
        jwt_configuration: {
            lifetime_in_seconds: 36000,
            scopes: {},
            alg: 'RS256',
            secret_encoded: false
        },
        cross_origin_authentication: false,
        sso_disabled: false,
        custom_login_page_on: true,
        native_social_login: {
            apple: {
                enabled: false
            },
            facebook: {
                enabled: false
            }
        },
        refresh_token: {
            expiration_type: 'non-expiring',
            leeway: 0,
            infinite_token_lifetime: true,
            infinite_idle_token_lifetime: true,
            token_lifetime: 31557600,
            idle_token_lifetime: 2592000,
            rotation_type: 'non-rotating'
        }
    });

    const options: AxiosRequestConfig = {
        url: url,
        method: 'POST',
        headers: {
            'Content-Type': 'application/json',
            Accept: 'application/json',
            Authorization: `Bearer ${token.access_token}`
        },
        data: data
    };

    const connectionsResponse = await axios.request<Auth0Connection>(options);

    return connectionsResponse.data;
};

Hi @Bruni-WanKenobi,

Thanks for posting your question on the Community!

You can do so by calling the Management API’s Create a client grant endpoint.

After you have created your M2M application, you can grant it API authorization by passing in the client_id, audience, and scope parameters in the request.

For example:

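var myHeaders = new Headers();
myHeaders.append("Content-Type", "application/json");
myHeaders.append("Accept", "application/json");
// The Management API requires a bearer token; this call needs the create:client_grants scope.
myHeaders.append("Authorization", "Bearer YOUR_MGMT_API_TOKEN");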

var raw = JSON.stringify({
  "client_id": "YOUR_M2M_CLIENT_ID",
  "audience": "YOUR_API_IDENTIFIER",
  "scope": [
    "YOUR:SCOPES"
  ]
});

var requestOptions = {
  method: 'POST',
  headers: myHeaders,
  body: raw,
  redirect: 'follow'
};

// Replace login.auth0.com with your own tenant domain.
fetch("https://login.auth0.com/api/v2/client-grants", requestOptions)
  .then(response => response.text())
  .then(result => console.log(result))
  .catch(error => console.log('error', error));

If you found this post helpful or interesting, please give it a like :+1: . Your interaction makes a difference. Have a wonderful day! :sun_with_face:

Thanks,
Rueben
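
An added example (not from the original thread or from Auth0): the two Management API calls chained so a new M2M client receives its grant in the same operation, with the requested scopes checked against an allow-list first. `ALLOWED_SCOPES`, `mgmtPost`, `createM2MWithGrant` and the sample scope names are assumptions; `http` is any fetch-compatible function, and the Management API token is assumed to carry `create:clients` and `create:client_grants`.

```javascript
// Added example. Scope names below are constructed samples.
const ALLOWED_SCOPES = new Set(['read:reports', 'write:reports']);

// POST a JSON body to a Management API v2 path; throws on any non-2xx status.
// `http` is any fetch-compatible function (assumption: global fetch in production).
async function mgmtPost(http, baseUrl, token, path, body) {
  const res = await http(`${baseUrl}/api/v2/${path}`, {
    method: 'POST',
    headers: {
      'Content-Type': 'application/json',
      Accept: 'application/json',
      Authorization: `Bearer ${token}`,
    },
    body: JSON.stringify(body),
  });
  if (!res.ok) {
    throw new Error(`POST /api/v2/${path} failed with HTTP ${res.status}`);
  }
  return res.json();
}

// Hypothetical helper: creates the M2M client, then the client grant for `audience`.
async function createM2MWithGrant(http, { baseUrl, token, name, audience, scopes }) {
  // Least privilege: reject scopes outside the allow-list before creating anything.
  const rejected = scopes.filter((s) => !ALLOWED_SCOPES.has(s));
  if (rejected.length > 0) {
    throw new Error(`scopes not allowed: ${rejected.join(', ')}`);
  }
  const client = await mgmtPost(http, baseUrl, token, 'clients', {
    name,
    app_type: 'non_interactive',
    grant_types: ['client_credentials'],
    token_endpoint_auth_method: 'client_secret_post',
  });
  // The grant references the client_id returned by the first call.
  const grant = await mgmtPost(http, baseUrl, token, 'client-grants', {
    client_id: client.client_id,
    audience,
    scope: scopes,
  });
  return { clientId: client.client_id, grantId: grant.id };
}
```

If the second call throws, the client already exists without a grant, so the caller should log the new `client_id` and either retry the grant or delete the client.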



Thank you @rueben.tiow
