Migrating M2M hook with custom response to actions

We are in the final stages of moving all our hooks to actions, and have just one line remaining on clients credentials exchange. In this hook we modify the response to include the scope, which is currently relied on for our backend application(s):

module.exports = function(client, scope, audience, context, cb) {
  var access_token = { scope: scope };
  cb(null, access_token);
};

However I don’t see a way to replicate this exact functionality in actions, given it doesn’t seem to give you much flexibility in modifying the return value of the clients credentials exchange.
Of course we can find another solution, but I am just wondering if there is an actions-native way of supporting this?

Hey there @nicolaj.vinholt , welcome to the Auth0 Community!

Do you intend to adjust scopes per request basis?

Actions on that matter are still in it’s initial stages, but I can see two properties that seems to be relevant here (or at least approximately relevant):

event.request.body - params (also custom) that are sent with the credentials exchange flow; can contain for example the adjusted_scopes param;

and

api.accessToken.setCustomClaim - currently this is the only callable method to request changes to the access token being issued.

I crafted a short Action script that, within a custom claim of the issued access token, would give your backend app info about the adjusted scopes:

exports.onExecuteCredentialsExchange = async (event, api) => {
var adjusted_scopes = event.request.body.custom_scope
api.accessToken.setCustomClaim("https://adjusted-claims-for-my-backend-app", adjusted_scopes);
};

The original “scope” claim and “permissions” claim will remain unchanged, only the custom claim ships this contextual information.

Would this be something helpful for your use-case?

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.