Skip to content
  • Machine-to-Machine (M2M)
  • M2M token customization

Customize the claims of an M2M token

You can customize the claims of tokens issued to Machine-to-Machine (M2M) applications in Kinde by including selected Properties and Feature Flags. This allows you to inject structured metadata and configuration directly into the token, without requiring an additional lookup at runtime.

This is useful for:

  • Routing or behavior changes based on metadata
  • Feature gating in backend systems
  • Configuring AI agents or other automation tools

Where to configure token customization

Link to this section
  1. Go to your M2M application in Kinde
  2. Select the Tokens tab

From here you can:

  • Set the token lifetime
  • Enable Hasura-compatible mapping
  • Opt to include scopes under a permissions claim
  • Toggle on Properties and Feature flags to be included in the token

Tokens remain signed JWTs and can be verified like any other Kinde-issued token.

Include properties in the token

Link to this section

Properties are a flexible metadata system in Kinde. You can define custom fields and assign values to individual M2M applications — for example, tier, region, or model_version.

To include a property in the token:

  1. First, assign the property value to the M2M app (see Add metadata to an M2M application)
  2. Then, in the Tokens tab, toggle that property on

The value will appear in the token under a application_properties claim:

{
"application_properties": {
"region": {
"v": "eu"
},
"tier": {
"v": "pro"
}
}
}

The v is a shortcode for the value of the property.

Only the properties you explicitly toggle on will be included.

Include feature flags in the token

Link to this section

If your M2M app is scoped to an organization, you can also include feature flags that are enabled for that org.

To do this:

  1. In the Tokens tab of the M2M app, toggle on any feature flags you want to include
  2. These flags will appear in the token under a feature_flags claim

Example:

{
"feature_flags": {
"new-ai-agent": {
"t": "b",
"v": true
},
"access-level": {
"t": "s",
"v": "beta"
}
}
}

The t and v are short codes for the type and value of the feature flag.

  • t = type (boolean, string, number)
  • v = value (true | false, “beta”, 1, etc.)

Only the feature flags you explicitly toggle on will be included.

  • Properties must be defined and assigned before they can be included in a token
  • Only environment level feature flags are available for M2M apps
  • Only toggled flags and properties are included - the token stays lean and secure

Complete control over the token

Link to this section

For complete control over the token, you can use the Kinde M2M token generation workflow to customize the token further.

For example, you can:

  • Add custom claims to the token
  • Add custom scopes to the token
  • Add custom metadata to the token