How to retrieve application metadata in a machine to machine authentication request

Simiular to this previous unanswered question I’m interested to learn how I can retrieve application metadata that is set in Application Advanced Settings. When decoded the JWT doesn’t appear to contain this information.

The request is made as follows:

curl -X POST
-d ‘{“client_id”:“ID”,“client_secret”:“SECRET”,“audience”:“AUDIENCE”,“grant_type”:“client_credentials”}’


Hola Tomas,

Did you try this:


Hi John - thanks for that. No I haven’t tried using rules, and it looks like it could work. Do you know whether it is possible for a rule to be executed only on authentication for a specific application. I wouldn’t want this rule for M2M authentications to be applied to the rest of our Apps’ authentication flows.



From my understanding, all rules get executed in sequence for every auth but you can check the context.clientID within the rule to immediately return, thus skipping the rule logic…
if (allowedClientIds.indexOf(context.clientID) === -1) { return callback(null, user, context); }

1 Like

Thanks Chuck. Will take a look!

Is there a way to retrieve it with an API call (e.g. with /userinfo)?