Create application/client and authorize for APIs using Management API

Hi all,

We are creating machine-to-machine applications using the Management API (Auth0 Management API v2) and this works perfectly. However, we would also like to authenticate these applications for certain APIs we have defined in Auth0 and it is currently not clear how to do this using the Management API.
Without this functionality, an Auth0 admin has to manually authorize the generated application to use an API using the Auth0 dashboard and this kind of defeats the purpose of automating the app creation.

Does anybody know more about this?

Thanks!
Olivier

Hi!

We still have not found a solution. Is there anyone here that can help us out?

Thanks!

What should I do/who should I approach to get this under the attention of someone at Auth0?

Hey @ofjansen!

Sorry for the delay in response. There are a lot of community developers asking questions out there and we’re doing our best to provide regularly knowledge and support to all of you but sometimes we’re simply people resources constraint. Thank you for understanding and sorry for the inconvenience!

Please give me a moment to look into this!

Hi @konrad.sopala,

Great to hear from you. Thanks for your answer and for looking into it!

Ok so judging by your problem description you basically want to call your API from M2M app.

In order to do that you need to set the client grant using either the dashboard or the Management API.

Here’s your step by step doc on how to achieve that with the API:

Let me know if that helps!

Thanks @konrad.sopala,

Yes, you are right about auth before using the API. But before all this, the API to be called has to be enabled or authorised for the specific app at Auth0. This can be done using the Auth0 Manage tool after the app has been created (by going to Applications > you app > APIs tab > selecting an API) and the Manage tool also asks for you to select an API to enable when creating a new M2M app. However, the Management API documentation does not mention a way to specify an API to enable/authorise. And that is needed to automate the whole process.

Do you know how to tackle this?

@ofjansen, I found this page, https://auth0.com/docs/api-auth/config/using-the-auth0-dashboard, that allowed me to just hit a toggle to get my web app authorized and scopes assigned. Perhaps it can help with what you’re trying to do too.

@ofjansen

The page @konrad.sopala linked has what you are looking for :slight_smile:

There is a section (Update Grant Types) on how to authorize an Application for a given API (audience) using the Management API (Auth0 Management API v2). This is what you’re looking for.

We use something along the lines of (Node.js SDK):

return ManagementClient.createClient(params)
  .then((client) => {

    ManagementClient.createClientGrant({
      client_id: client.client_id,
      audience: audience,
      scope: ["sample-scope"]
    });

    return client;
  });

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.