Protect Next.js route handlers with machine-to-machine application?

Hi,

I want to expose the route handlers defined in Next.js 14 application for external applications to call using OAuth 2 client credentials flow. Can I do this with machine-to-machine application?

I tried to get the access token like this,

curl --request POST \
--url $KINDE_ISSUER_URL/oauth/token \
--header 'content-type: application/x-www-form-urlencoded' \
--header 'accept: application/json' \
--data grant_type=client_credentials \
--data client_id=$KINDE_CLIENT_ID \
--data client_secret=$KINDE_CLIENT_SECRET \
--data audience=$KINDE_ISSUER_URL/api

curl --request POST \
--url $KINDE_ISSUER_URL/oauth/token \
--header 'content-type: application/x-www-form-urlencoded' \
--header 'accept: application/json' \
--data grant_type=client_credentials \
--data client_id=$KINDE_CLIENT_ID \
--data client_secret=$KINDE_CLIENT_SECRET \
--data audience=$KINDE_ISSUER_URL/api

curl --request POST \
--url $KINDE_ISSUER_URL/oauth/token \
--header 'content-type: application/x-www-form-urlencoded' \
--header 'accept: application/json' \
--data grant_type=client_credentials \
--data client_id=$KINDE_CLIENT_ID \
--data client_secret=$KINDE_CLIENT_SECRET \
--data audience=$KINDE_ISSUER_URL/api

curl --request POST \
--url $KINDE_ISSUER_URL/oauth/token \
--header 'content-type: application/x-www-form-urlencoded' \
--header 'accept: application/json' \
--data grant_type=client_credentials \
--data client_id=$KINDE_CLIENT_ID \
--data client_secret=$KINDE_CLIENT_SECRET \
--data audience=$KINDE_ISSUER_URL/api

but it failed with this error,

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience 'https://xxxxx.kinde.com/api' has not been whitelisted by the OAuth 2.0 Client."}

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience 'https://xxxxx.kinde.com/api' has not been whitelisted by the OAuth 2.0 Client."}

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience 'https://xxxxx.kinde.com/api' has not been whitelisted by the OAuth 2.0 Client."}

{"error":"invalid_request","error_description":"The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Requested audience 'https://xxxxx.kinde.com/api' has not been whitelisted by the OAuth 2.0 Client."}

Do you know what could be the problem?

Protect Next.js route handlers with machine-to-machine application?

Similar Threads

Similar Threads

Similar Threads