M2M just describes the grant/scenario. If you’re calling an API as a web application, then the web application calls as it itself using the credentials needed (client ID and password). User data should not be a part of the token since users are not authenticating for that API. If you need to take an action for a user, that info should be included in the API call (POST body or however your API expects it).
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| REST API with Laravel | 1 | 1555 | June 20, 2023 | |
| Native app + Laravel API (both with Auth0) | 9 | 6032 | November 7, 2019 | |
| Laravel auth0 Invalid authorization code | 3 | 7158 | March 2, 2018 | |
| Can I do an authorization code grant flow in Laravel? | 1 | 5170 | March 2, 2018 | |
| Laravel middleware route Authorize Auth0 | 2 | 1953 | April 21, 2022 |