We have our Backend API that is protected by JWT access token issues by Auth0.
We have an SPA that allows users to get access tokens by Auth0 with Google identity provider.
We would like to allow our users to be able to get access tokens for M2M communication in behalf of them. i.e. it’s like Client Credentials Flow but with the user’s context.
Is there any way we can achieve this?
Hi @roman.r and welcome to Auth0!
Thanks for posting!
To make an access (bearer) token distinguishable (containing some user specific data) you can try
to implement Actions script.
Specifically: the Machine to Machine Flow and the
event.request.body method (to extract a custom “key”: “value” params sent to the
POST https://domain.auth0.com/oauth/token endpoint. This custom param would contain user specific data.
Later, using the
api.accessToken.setCustomClaim(name, value) within the same Action, you can add a custom claim to the access token containing this user-specific data sent within the request.
The doc on Machin to Machin Flow is here - Actions Triggers: credentials-exchange - Event Object.
Would it be something you’re looking for?
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.