Get request body data in workflow
Hello,
I'm creating a workflow for M2MTokenGenerate event. When I make a call to the /oauth2/token endpoint, I'm also sending some data in the body, which I want in the generated M2M token. Can I get that data from the api in that workflow function parameters?
What I want is when my server is calling the API to get M2M token, I want a token with custom claims org_id and project_id which I'm sending in the request. Can I get that in the workflow function or not?
9 Replies
Hi, thank you for reaching out.
Let me check on my side regarding your question about retrieving custom data (such as
Thank you for your inquiry regarding the inclusion of custom data, such as
For more detailed information, you can refer to Kinde's documentation on M2M token generation workflow, M2M token binding, and token customization. Please let us know if you need further assistance or have additional questions.
org_id and project_id) from the request body in the workflow. I’ll review this and get back to you shortly.
Hi,Thank you for your inquiry regarding the inclusion of custom data, such as
org_id and project_id, from the request body into the generated M2M token within a Kinde workflow.
Currently, Kinde's M2M token generation workflow (m2m:token_generation) does not provide access to the raw request body parameters. The event object available in the workflow contains metadata like audience, scope, and the M2M application's clientId, but it does not expose arbitrary request body fields.
To include custom claims in M2M tokens, Kinde recommends utilizing application-level properties. You can define custom properties such as org_id and project_id on your M2M application within the Kinde dashboard. These properties can then be accessed and added as custom claims in the token using the kinde.m2mToken.setCustomClaim() method within the workflow.
If your use case requires dynamic data to be included in the token based on each request, the current workflow capabilities may not support this directly. As a workaround, consider encoding necessary information within the audience or scope fields of the token request, which are accessible in the workflow's event object. However, this approach has limitations and may not be suitable for all scenarios.For more detailed information, you can refer to Kinde's documentation on M2M token generation workflow, M2M token binding, and token customization. Please let us know if you need further assistance or have additional questions.
Ok, Thanks
You're very welcome, Parth.
If any further questions come up or if you need assistance implementing any part of the workflow, feel free to reach out. I'm happy to help.
I want to pass custom claim in m2m generated token and that claim I want to pass when I'm making request to generate a token. Is there any way to get that in workflow?
Hi Parth,
Based on the current documentation and workflow capabilities, the
- You can add custom properties to M2M applications in the Kinde dashboard and include them as claims in the generated token. Learn more here: https://docs.kinde.com/properties/work-with-properties/properties-in-tokens/ - Encoding Data in Audience or Scope Fields, These fields are accessible in the event object and can be used to pass data to your workflow. - Use workflows to fetch dynamic data from external sources and add it as custom claims. The
m2m:token_generation workflow does not provide direct access to the raw request body sent to the /oauth2/token endpoint. The workflow’s event object includes metadata such as audience, scope, and client ID, but does not expose arbitrary request body parameters.
For including dynamic data in M2M tokens, here are the supported approaches:- You can add custom properties to M2M applications in the Kinde dashboard and include them as claims in the generated token. Learn more here: https://docs.kinde.com/properties/work-with-properties/properties-in-tokens/ - Encoding Data in Audience or Scope Fields, These fields are accessible in the event object and can be used to pass data to your workflow. - Use workflows to fetch dynamic data from external sources and add it as custom claims. The
kinde.m2mToken.setCustomClaim(name: string, value: any): void method allows you to include custom claims in the M2M token that’s returned to the client. Full details here: https://docs.kinde.com/workflows/bindings/m2m-token-binding/
Direct access to the request body for dynamic claims is not currently supported.
For your reference, here are some additional resources to dive deeper:
- M2M Token Binding: https://docs.kinde.com/workflows/bindings/m2m-token-binding/
- About Workflows: https://docs.kinde.com/workflows/about-workflows/
- M2M Tokens Overview: https://kinde.notion.site/Answer-M2M-Tokens-via-auth-flow-c8917330190845289a6af7d33b42f199
- Testing APIs with M2M Tokens: https://docs.kinde.com/developer-tools/your-apis/test-your-api-m2m-token/
- Connect to the Kinde API: https://docs.kinde.com/developer-tools/kinde-api/connect-to-kinde-api/
- Register and Manage APIs: https://docs.kinde.com/developer-tools/your-apis/register-manage-apis/
I hope this clarifies your question. Please let me know if you have any further questions.
Hi Parth,
Just checking in to see if you still need help with passing custom claims in M2M tokens, or if everything is working as expected now.
If there’s anything else you’d like to clarify or explore further, feel free to let me know. Otherwise, I’ll go ahead and close this thread — but you’re always welcome to reach out with any other questions anytime.@Ages - Kinde
https://docs.kinde.com/properties/work-with-properties/properties-in-tokens/
As defined in above link, I want to add property in token but using m2m api, not from dashboard. How to do it?
Kinde docs
Add and manage properties in tokens
Our developer tools provide everything you need to get started with Kinde.
Hi Parth,
It’s currently not possible to send arbitrary request body parameters (like
org_id or project_id) directly when requesting an M2M token. The workflow event object only exposes metadata such as audience, scope, and clientId.
To achieve the inclusion of custom claims in the token, here are the recommended approaches:
- Add custom properties directly to the M2M application via the Kinde dashboard. These properties can then be added as claims to the token without needing the workflow, simplifying the process.
- Alternatively, encode any dynamic data into the audience or scope fields, which are accessible during the token generation workflow and can be transformed into token claims as needed.
Please note that the first approach may require creating an M2M application per organization or project, which might not be ideal but simplifies token claim management.
If you have any other questions or need help setting this up, feel free to reach out
Hi Parth,
Just following up to check if your question about adding custom properties to M2M tokens via the API (instead of the dashboard) has been resolved on your end?
If you have any further questions or need assistance with implementing the recommended approaches, please feel free to reach out. Otherwise, I’ll go ahead and close this thread.It is not possible what I need to do, so I've drop that idea to do and change my way for that logic
Hi Parth,
Thanks for the update, completely understand your decision to adjust the approach based on the current platform capabilities.
If you revisit this requirement in the future, or if there are any updates to M2M token customization features, we’ll make sure the documentation reflects that. In the meantime, feel free to reach out if you need help implementing an alternative solution or have any other questions.
Wishing you the best with your project. If there’s nothing else for now, we’ll go ahead and close this thread shortly.