I'm using a M2M setup to Auth0, and calling it via REST API in Outsystems
All the fields (clientid, secret, etc) are there by default but 'audience' is missing
If I don't include this using CURL, it returns a 403
I thought I could use OnBeforeRequest but that seems it's required for request, not the auth step.
e.g. I put a breakpoint inside "BeforeRequest" and it's never hit, instead it returns this
Is there a way for Outsystems provided this field for OAuth 2.0: client credentials option?
Or have I missed something?
Hi Andrew,
you mean the configuration settings for a REST consume where you can specify credentials, right?
An audience parameter in client credentials flow is special, it is not part of the common OAuth 2 spec, although some Idp have it. In this case you cannot use the built in client credential flow settings.
You have to create a separate REST consume operation to the token endpoint of your Idp realm (or whatever it is called in Auth0) and post a form url encoded request like thisgrant_type=client_credentials&client_id=xxxxxxxxxx&client_secret=xxxxxxxxxx&audience=xxxxxxxxxxx
plus all extra parameters you need.
This will return a structure with an access_token (and expiry).
At your REST consume operation you add the Authorization input parameter and in your calling server action you set this input parameter to "BEARER <access token".
Stefan