Is there a way to restrict an Auth0 application to only allow an action to call it? I set up an application so that it has permissions to update a user's roles.
I am updating roles during authentication but only want the application to be available for the Action Flows.
Hi @kris.macgillivray
You should protect access to this application via the client credentials grant. Only the action will have the client ID/secret so only the action can successfully call the application.
Unfortunately, actions do not yet have a good caching mechanism for the M2M token, so you should use a rule for this, and cache the token in the rule configuration (until Actions come into parity with rules).
John
1 Like
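The token caching described in the answer above, as an added example that is not part of the original posts and is not Auth0's own code: a client credentials (M2M) token is requested from the tenant's `/oauth/token` endpoint and reused until shortly before it expires. The `cache` object (standing in for wherever the rule keeps the token), the injected `postJson` HTTP helper, the `cfg` field names and the 60-second renewal margin are assumptions.

```javascript
// Added example: cache for a client-credentials (M2M) access token.
// CACHE_SKEW_SEC, the `cache` object shape and `postJson` are assumptions.
const CACHE_SKEW_SEC = 60; // renew this many seconds before expiry

// Body for POST https://<domain>/oauth/token (client credentials grant).
function buildTokenRequest(cfg) {
  return {
    grant_type: 'client_credentials',
    client_id: cfg.clientId,
    client_secret: cfg.clientSecret, // never log this value
    audience: cfg.audience,
  };
}

// A cached entry is usable only if it was issued for the same client and
// audience and is not within CACHE_SKEW_SEC of expiring.
function isFresh(entry, cfg, nowMs) {
  return Boolean(entry) &&
    entry.clientId === cfg.clientId &&
    entry.audience === cfg.audience &&
    nowMs < entry.expiresAtMs - CACHE_SKEW_SEC * 1000;
}

// Convert the token endpoint's JSON response into a cache entry.
function entryFromResponse(resp, cfg, nowMs) {
  if (!resp || typeof resp.access_token !== 'string' || !(resp.expires_in > 0)) {
    throw new Error('token endpoint returned no usable access_token');
  }
  return {
    clientId: cfg.clientId,
    audience: cfg.audience,
    accessToken: resp.access_token,
    expiresAtMs: nowMs + resp.expires_in * 1000,
  };
}

// Return a cached token, or request one and store it in `cache.entry`.
async function getM2MToken(cfg, cache, postJson, nowMs = Date.now()) {
  if (isFresh(cache.entry, cfg, nowMs)) return cache.entry.accessToken;
  const resp = await postJson(`https://${cfg.domain}/oauth/token`, buildTokenRequest(cfg));
  cache.entry = entryFromResponse(resp, cfg, nowMs);
  return cache.entry.accessToken;
}
```

Binding the cache entry to the client ID and audience keeps a token issued for one API from being reused against another if the configuration changes.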