Actions Triggers: credentials-exchange

Actions Triggers: credentials-exchange

The credentials-exchange triggers runs as part of the Machine to Machine Flow. It is executed as part of the Client Credentials Flow.

Reference

  • Event object: Provides contextual information about the request for a client credentials exchange.

  • API object: Provides methods for changing the behavior of the flow

Common use cases

Access control

A credentials-exchange Action can be used to deny an access token based on custom logic.

/**
 * @param {Event} event - Details about client credentials grant request.
 * @param {CredentialsExchangeAPI} api - Interface whose methods can be used to change the behavior of client credentials grant.
 */
exports.onExecuteCredentialsExchange = async (event, api) => {
  if (event.request.geoip.continentCode === "NA") {
    api.access.deny('invalid_request', "Access from North America is not allowed.");
  }
};

Was this helpful?

/

Add custom claims to the access token

A credentials-exchange Action can be used to add custom claims to an access token.

/**
 * @param {Event} event - Details about client credentials grant request.
 * @param {CredentialsExchangeAPI} api - Interface whose methods can be used to change the behavior of client credentials grant.
 */
exports.onExecuteCredentialsExchange = async (event, api) => {
  api.accessToken.setCustomClaim("https://my-api.exampleco.com/request-ip", event.request.ip);  
};

Was this helpful?

/