Restrict management API

Is there a way to restrict an Auth0 application to only allow an action to call it? I set up an application so that it has permissions to update a user's roles.

I am updating roles during authentication but only want the application to be available for the Action Flows.

Hi @kris.macgillivray

You should protect access to this application via the client credentials grant. Only the action will have the client ID/secret, so only the action can successfully call the application.

Unfortunately, actions do not yet have a good caching mechanism for the M2M token, so you should use a rule for this and cache the token in the rule configuration (until Actions come into parity with rules).


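The client credentials request and token caching described in the reply above, sketched as an added example that is not part of the original thread or Auth0's own code. The `cache` object stands in for wherever the token is stored, `postJson` is a hypothetical HTTP helper, and the domain and credential values are placeholders.

```javascript
// Added example: client credentials grant with an expiry-aware token cache.
// The domain, client ID/secret and `cache` object are placeholders (assumptions).
const SKEW_SECONDS = 60; // refresh a little before the token really expires

// Request for the tenant's /oauth/token endpoint (client credentials grant).
function buildTokenRequest(domain, clientId, clientSecret) {
  return {
    url: `https://${domain}/oauth/token`,
    body: {
      grant_type: 'client_credentials',
      client_id: clientId,
      client_secret: clientSecret,
      audience: `https://${domain}/api/v2/`, // Management API identifier
    },
  };
}

// Return the cached token if it is still valid at `nowMs`, otherwise null.
function readCachedToken(cache, nowMs) {
  if (!cache.accessToken || typeof cache.expiresAtMs !== 'number') return null;
  return nowMs < cache.expiresAtMs ? cache.accessToken : null;
}

// Store a token response ({ access_token, expires_in }) with a safety margin.
function storeToken(cache, tokenResponse, nowMs) {
  if (!tokenResponse || !tokenResponse.access_token) {
    throw new Error('token endpoint returned no access_token');
  }
  const lifetime = Math.max(0, Number(tokenResponse.expires_in || 0) - SKEW_SECONDS);
  cache.accessToken = tokenResponse.access_token;
  cache.expiresAtMs = nowMs + lifetime * 1000;
  return cache.accessToken;
}

// Call the token endpoint only on a cache miss. `postJson(url, body)` is a
// hypothetical helper that POSTs JSON and resolves to the parsed response.
async function getManagementToken(cache, creds, postJson, nowMs = Date.now()) {
  const cached = readCachedToken(cache, nowMs);
  if (cached) return cached;
  const req = buildTokenRequest(creds.domain, creds.clientId, creds.clientSecret);
  return storeToken(cache, await postJson(req.url, req.body), nowMs);
}
```

Grant the M2M application only the Management API scopes it needs for role updates, and keep the client secret in the rule or action secrets store rather than in code.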