Device flow with querystring parameters

I’m trying to use the device flow to implement authentication on our devices.

I managed to make it work by first calling the /device/code endpoint to get the device code and then autenticate the user with /token endpoint passing the device_code from the previous call.

Is it possible to add querystring parameters on any of the above endpoints and process them in Rules, Hooks, Actions or whatever to get a custom claim added in the access token?



Hi @ivan.rizzante,

Welcome to the Community!

I’m going to need to research this, and I will let you know what I find out.

Hi there, thank you very much

1 Like

Hi @ivan.rizzante,

I have heard back from the team, and unfortunately, because the device flow has multiple requests spanning different endpoints there isn’t a great way to preserve the query params across those requests to use in Rules or Actions. At this time, there isn’t a way to pass query params when using the device flow.

You can create a topic with your use case for this feature in our Feedback category:

The feedback category allows the community to vote on which features would bring the most value. This is reviewed by the product team to help determine which items are included on the roadmap.

Hi @stephanie.chamblee ,
thanks for the reply, I’ll surely file a topic under the Feedback category.

My question for you at this point is the following: is there any way to accomplish the above using other flows?
I mean, is it possible for example using the standard M2M flow?

Thank you very much

Thank you for submitting the feedback!

You can send extra data in the request body in the Client Credentials flow. You can create a client credentials Action:

exports.onExecuteCredentialsExchange = async (event, api) => {
  api.accessToken.setCustomClaim("", event.request.body.example);  

And add the Action to the Machine to Machine flow in your Auth0 Dashboard (Actions > Flows).

When you request a token, you can include any data in the request body:

curl --request POST \
  --url 'https://your-domain/oauth/token' \
  --header 'content-type: application/x-www-form-urlencoded' \
  --data grant_type=client_credentials \
  --data client_id=YOUR-CLIENT-ID \
  --data client_secret=YOUR-CLIENT-SECRET \
  --data audience=YOUR-API-IDENTIFIER \                                  
  --data example=true \   // <-- extra data