Use this file to discover all available pages before exploring further.
The Machine to Machine trigger runs when an is being issued via the Client Credentials Flow.
Actions in this flow are blocking (synchronous), which means they execute as part of a trigger’s process and will prevent the rest of the Auth0 pipeline from running until the Action is complete.
A credentials-exchange Action can be used to deny an access token based on custom logic.
/** * @param {Event} event - Details about client credentials grant request. * @param {CredentialsExchangeAPI} api - Interface whose methods can be used to change the behavior of client credentials grant. */exports.onExecuteCredentialsExchange = async (event, api) => { if (event.request.geoip.continentCode === "NA") { api.access.deny('invalid_request', "Access from North America is not allowed."); }};
A credentials-exchange Action can be used to add custom claims to an access token.
/** * @param {Event} event - Details about client credentials grant request. * @param {CredentialsExchangeAPI} api - Interface whose methods can be used to change the behavior of client credentials grant. */exports.onExecuteCredentialsExchange = async (event, api) => { api.accessToken.setCustomClaim("https://my-api.exampleco.com/request-ip", event.request.ip); };
We strong recommend using namespaced custom claim in the form of a URI. To learn more about namespaced and non-namespaced custom claims, read Create Custom Claims.
