In post-login (and m2m on credentials exchange) trigger action call external API with auth0 token

I was reading the documentation and found useful examples of how to add permissions/roles to claims from an external API response using Actions. But what would be the best approach for calling an external API which is also secured with the same Auth0?

  1. During every user post-login, generate an M2M access token for calling the external API?

Very similar question there: Use Signed Access Token in a Post-Login Action API Request

But if I want to add M2M custom claims from an external API, then there can be recursion in onExecuteCredentialsExchange. In the M2M onExecuteCredentialsExchange, requesting the external token applies onExecuteCredentialsExchange again, requesting…

  2. What would be the solution for this case?

Hi @mxas,

Welcome to the Auth0 Community!

Yes, if your custom API requires an access token to make requests to retrieve some information to be appended as a custom claim to your login flow’s token.

I recommend reviewing our How to Make an Axios API Call and Store it as a Custom Claim using Actions knowledge article for an example of this use case.

If you attempt to request an access token in an M2M action while performing a client credentials flow, you could encounter recursion. Therefore, you should avoid making a client credentials flow request inside an M2M action.

If the data is not dynamic, you could append them as custom claims as usual. If it is, then you might get away with storing the token as an Action secret and making the request using the stored token. You may need to make the token long-lived and manage its freshness.

Let me know if you have any questions.

Thanks,
Rueben
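
The stored-token approach from the reply above, as an added example that is not part of the original thread or of Auth0's documentation. The secret names `EXTERNAL_API_TOKEN` and `EXTERNAL_API_URL`, the claim name, the `permissions` response field and the third `fetchImpl` parameter (present only so the handler can be exercised offline) are assumptions.

```javascript
// Added example: M2M Action that reuses a pre-issued token kept in Action secrets.
const CLAIM = "https://example.com/permissions"; // hypothetical namespaced claim
const MIN_SECONDS_LEFT = 60; // treat the stored token as stale below this

// Read `exp` from the JWT payload without verifying it (the external API does
// the real validation). Returns seconds until expiry, or -1 if unreadable.
function secondsLeft(jwt, nowSeconds) {
  try {
    const part = String(jwt).split(".")[1];
    const payload = JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
    return typeof payload.exp === "number" ? payload.exp - nowSeconds : -1;
  } catch {
    return -1;
  }
}

// No /oauth/token request is made in here, so this trigger cannot re-enter itself.
async function onExecuteCredentialsExchange(event, api, fetchImpl = fetch) {
  const token = event.secrets.EXTERNAL_API_TOKEN; // assumed secret name
  const now = Math.floor(Date.now() / 1000);
  if (secondsLeft(token, now) < MIN_SECONDS_LEFT) {
    // Stale secret: issue the token without the dynamic claim (fewer
    // permissions) instead of fetching a new token from inside the flow.
    return "skipped-stale-token";
  }
  const url = new URL(event.secrets.EXTERNAL_API_URL); // assumed secret name
  url.searchParams.set("client_id", event.client.client_id);
  const res = await fetchImpl(url, { headers: { Authorization: `Bearer ${token}` } });
  if (!res.ok) return "skipped-api-error";
  const body = await res.json();
  if (!Array.isArray(body.permissions)) return "skipped-bad-response";
  api.accessToken.setCustomClaim(CLAIM, body.permissions);
  return "claim-set";
}

// In the Auth0 editor the handler is exported under the trigger's name.
if (typeof exports !== "undefined") {
  exports.onExecuteCredentialsExchange = onExecuteCredentialsExchange;
}
```

The return strings exist only to make each branch observable; Auth0 ignores the handler's return value.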
