Kinde · 4mo ago
Parth

Set application properties in M2M token using management API

I've set the flow to create a backend application in Kinde when a user requests it using management API. At that time I'm also setting app properties with it because I want that property in my M2M token. How to enable those properties to reflect in my M2M token with management API? https://docs.kinde.com/properties/work-with-properties/properties-in-tokens/ As defined in the above link, I have to do it from my dashboard, but I want to do it using management APIs?
21 Replies
Roshan · 4mo ago
Hey there, Thanks for reaching out. Currently, programmatically enabling properties to reflect in an M2M token using the Kinde Management API is not supported. However, you can use Kinde Workflows as a workaround to achieve token customization. By integrating and configuring a GitHub repository with Kinde to run the necessary code during the authentication flow, you can modify the token to include specific claims or properties. You can find more information about how to set up and use Kinde Workflows in this section of the documentation.
Parth (OP) · 4mo ago
I want the application name of that client-credentials and app-properties in M2M token. If I set the workflow on M2M token generation, though how do I get these things there?
Roshan · 4mo ago
In the M2M token generation workflow, you can access both the application name and app properties through the workflow event object (https://docs.kinde.com/workflows/example-workflows/m2m-token-generation-workflow/). You can find an example code in the attached document link. You can use the kinde.m2mToken binding to modify claims in the generated access token. This allows you to add additional custom claims to the M2M token before it is delivered to your product. Note that you cannot modify tokens when the Kinde management API has been requested as an audience.
Parth (OP) · 4mo ago
```jsonc
{
  "request": {
    "auth": {
      "audience": ["<EXAMPLE_API>"],
      "scope": ["read:users"]
    },
    "ip": "192.168.0.1"
  },
  "context": {
    "domains": {
      "kindeDomain": "https://example.kinde.com" // Your Kinde domain
    },
    "application": {
      "clientId": "299627bd8bfa493f8b17e6aec8ebfb86" // the M2M application ID
    },
    "workflow": {
      "trigger": "m2m:token_generation"
    }
  }
}
```
This is what I can get in event object. There is only application clientId available. And I've tried I'm not getting app-properties there. Let me know if that is possible?
Roshan · 4mo ago
hey there, As I mentioned earlier, you can use kinde.m2mToken binding. You could add claims like kinde.m2mToken.setCustomClaim("customField1", "some value");
Parth (OP) · 4mo ago
```typescript
kinde.m2mToken.setCustomClaim("customField1", "some value");
```
But here in customField1 and in someValue I want the app property I set. How do I get that property in workflow? My question is how do I get the app property in workflow?
Roshan · 4mo ago
I understand what you are pursuing now. You are right, we can not embed data in the workflow event itself. Let me look more closely and get back to you shortly.
Parth (OP) · 4mo ago
```typescript
import { onM2MTokenGeneratedEvent } from "@kinde/infrastructure";

export default async function Workflow(event: onM2MTokenGeneratedEvent) {
  // Call the application properties endpoint from inside the workflow
  const response = await fetch(
    `${event.context.domains.kindeDomain}/api/v1/applications/${event.context.application.clientId}/properties`,
    {
      headers: {
        Authorization: "Bearer YOUR_SECRET_TOKEN", // placeholder
      },
    }
  );
}
```
One thing I can do is call the getProperties api inside workflow, but there also I have to pass access_token in header, which also I don't have there
Roshan · 4mo ago
Okay, I am looking at it with the team. Will let you know if there's any update.
Patrick · 3mo ago
Hi @PARTH, we are still looking at the solution. Will reach out to you if there are any updates.
Roshan · 3mo ago
Hi there, I was able to customize the m2m token using workflow.
```typescript
import {
  onM2MTokenGeneratedEvent,
  WorkflowSettings,
  WorkflowTrigger,
  createKindeAPI,
  m2mTokenClaims,
} from "@kinde/infrastructure";

export const workflowSettings: WorkflowSettings = {
  id: "m2mTokenGeneration",
  name: "M2M custom claims",
  failurePolicy: {
    action: "stop",
  },
  trigger: WorkflowTrigger.M2MTokenGeneration,
  bindings: {
    "kinde.m2mToken": {}, // required to modify M2M access token
    "kinde.fetch": {}, // required for API calls
    "kinde.env": {}, // required to access your environment variables
    "kinde.mfa": {},
    url: {}, // required for url params
  },
};

export default async function Workflow(event: onM2MTokenGeneratedEvent) {
  // Management API client for this workflow run
  const kindeAPI = await createKindeAPI(event);

  const { clientId } = event.context.application;

  // Fetch the properties set on the requesting M2M application
  const { data } = await kindeAPI.get({
    endpoint: `applications/${clientId}/properties`,
  });
  const { properties: appProperties } = data;

  console.log({ appProperties });

  const m2mToken = m2mTokenClaims<{
    applicationProperties: any;
  }>();

  // Add the properties to the access token as a custom claim
  m2mToken.applicationProperties = appProperties;

  console.log({ m2mToken });
}
```
- You need to configure KINDE_WF_M2M_CLIENT_ID and KINDE_WF_M2M_CLIENT_SECRET in the Settings > Data Management > Env variables with M2M application Client_ID and Client_Secret.
- A custom API must be used to obtain the machine-to-machine (M2M) access token, rather than the Kinde Management API. This is necessary because we need to use the Kinde Management API to retrieve application properties within the workflow. In this case, we must ensure that requests are not sent from the same audience.

Please let me know if you have any questions.
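Added example, not part of Roshan's post or Kinde's own code: the workflow above copies every application property into the token, so this helper narrows the list to allowlisted keys and skips tokens requested for the Management API audience. The `{ key, value }` property shape, the `<kindeDomain>/api` audience string, the length cap and the sample keys are assumptions.

```typescript
// Added example: the shapes below are assumptions, not Kinde's published types.
type AppProperty = { key: string; value: unknown }; // assumed item shape
type M2MEvent = {
  request: { auth: { audience: string[] } };
  context: { domains: { kindeDomain: string } };
};
type ClaimValue = string | number | boolean;

const MAX_CLAIM_LENGTH = 256; // hypothetical cap to keep tokens small

// Returns the claims to embed, or null when the token must be left untouched.
function buildPropertyClaims(
  event: M2MEvent,
  properties: AppProperty[],
  allowedKeys: ReadonlySet<string>,
): Record<string, ClaimValue> | null {
  // Tokens requested for the Management API audience cannot be modified.
  // Assumption: that audience is "<kindeDomain>/api".
  const managementAudience = `${event.context.domains.kindeDomain}/api`;
  if (event.request.auth.audience.includes(managementAudience)) return null;

  const claims: Record<string, ClaimValue> = {};
  for (const { key, value } of properties) {
    if (!allowedKeys.has(key)) continue; // not opted in: stays out of the token
    const t = typeof value;
    if (t !== "string" && t !== "number" && t !== "boolean") continue; // skip objects, null
    if (t === "string" && (value as string).length > MAX_CLAIM_LENGTH) continue;
    claims[key] = value as ClaimValue;
  }
  return claims;
}

// Constructed sample input, modelled on the event object posted earlier in the thread.
const sampleEvent: M2MEvent = {
  request: { auth: { audience: ["https://api.example.com"] } },
  context: { domains: { kindeDomain: "https://example.kinde.com" } },
};
const sampleProperties: AppProperty[] = [
  { key: "tenant_id", value: "acme" },
  { key: "tier", value: "gold" },
  { key: "internal_notes", value: "do not expose" },
  { key: "limits", value: { rpm: 100 } },
];
const ALLOWED = new Set(["tenant_id", "tier", "limits"]);
console.log(buildPropertyClaims(sampleEvent, sampleProperties, ALLOWED));
```

Inside the workflow, the returned object would take the place of the raw `appProperties` array in the claim assignment.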
Parth (OP) · 3mo ago
Thank you @Patrick, for your response. Why is there a need to create an API? Because then I have to create a new API every time I request an m2m token.
Roshan · 3mo ago
Could you elaborate on your question? Wasn't your intention to get application properties and include them in the token?
Parth (OP) · 3mo ago
Yes, I want to get app properties in the token. But in your solution you have called the createKindeAPI() method, which creates a new Kinde API. It will create a new Kinde API whenever there is an m2m token creation request. I don't want that.
Roshan · 3mo ago
Can you tell me why?
Parth (OP) · 3mo ago
You tell me: const kindeAPI = await createKindeAPI(event); won't this create a new API in Kinde every time? And I want my Kinde system works on multiple application way, not on multiple APIs way
Roshan · 3mo ago
So, currently, there are limitations with our management API. Currently, it is not possible to enable properties through the API. Instead, you might need to integrate a workflow to customize m2mToken. So, for your question, yes, it will create a new API instance to get application properties. I am not sure what you were referring to by saying "I want my Kinde system works on multiple application way, not on multiple APIs way" but as I mentioned earlier, there are some limitations for enabling the properties. I am not saying my solution is perfect, but I just wanted it to help you. I understand you worry about several factors calling APIs every time. Enabling application properties through the management API is on our roadmap. But for now, this might be a solution we can provide.
Parth (OP) · 3mo ago
Just let me know: will createKindeAPI() create a new Kinde API, which we are using as an audience in the Kinde client, or is it a different reference?
Roshan · 3mo ago
The createKindeAPI() function creates a client for accessing the Kinde Management API, which is different from the audience parameter used in Kinde client configurations.
Parth (OP) · 3mo ago
Ok, then no problem. I was thinking that it is the same API which is used in audience. I'll use this solution as of now and will let you know if there is any help needed. Thank you.
Roshan · 3mo ago
My pleasure, we're here to help you. :)
