I can’t seem to get any user metadata in M2M client_credentials flow to get an access token.
I created an API, an M2M application, and a rule. Then I make a request like
curl --request POST \
--url https://xxxx.au.auth0.com/oauth/token \
--header 'content-type: application/json' \
--data '{"client_id":"xxxxxxxxxxxxxx","client_secret":"yyyyyyyyyyyyy","audience":"https://xxxxxxxxx.com","grant_type":"client_credentials"}'
and got access token, but the rule did not fire.
Is this behavior expected? In other words, is there any way to access metadata in M2M client_credentials flow and attach some data to the access token?
Hi @tkurokawa ,
Welcome to the Community
Yes, you can add user information you want in token using custom claim rule. Please see below post for refrence.
Solved by
I’m evaluating the feature of using non interactive client for future integrations.
In my understanding the protected server (APIs in my case) will only let pass the HTTP requests that have a JWT bearer token in Authorization header (I’m pretty new to Auth0 and authorization and authentication in general so I apologize in advance if I won’t use right terminology)
I’ve used Spring security example found here .
It works for me (I mean only the valid JWT token passes the Spring Security and I’m a…
and
I have set up a Single Page Client with implicit grant type, where I successfully have been able to add custom claims to the access token using Rules. In order to keep manageability and consistency I use the Management API with scripts, which I version control.
However, now I have a need for implementing some Non Interactive Clients as well, using the Client Credentials grant type. And these access tokens need (some of) the same custom claims as the ones already implemented.
Through testing, r…
I have to use hooks, in M2M client credentials flow, not rules.
Thank you,
2 Likes
Perfect! Glad to hear that!
system
Closed
May 12, 2020, 8:05am
5
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.