Was reading documentation and found useful examples how to add permissions/role to claims from external API response using actions. But what would be a best approach for calling external API with is secured also with same auth0.
During every user post-login generate m2m access token for calling external API?
But If I want to add M2M custom claims from external API. Then in onExecuteCredentialsExchange can be recursion. In M2M onExecuteCredentialsExchange for external token requesting again applying onExecuteCredentialsExchange requesting…
Yes, if your custom API requires an access token to make requests to retrieve some information to be appended as a custom claim to your login flow’s token.
If you attempt to request an access token in an M2M action while performing a client credentials flow, you could encounter recursion. Therefore, you should avoid making a client credentials flow request inside an M2M action.
If the data is not dynamic, you could append them as custom claims as usual. If it is, then you might get away with storing the token as an Action secret and making the request using the stored token. You may need to make the token long-lived and manage its freshness.