Skip to content
Visit Kinde’s marketing website Kinde Docs
  • Workflows
  • Workflow examples

M2M token generation workflow

Trigger: m2m:token_generation

This trigger fires when an M2M token is generated.

Example use cases

Link to this section

Custom claims

Link to this section

You may want to add additional custom claims to the M2M token before it is delivered to your product.

Correlate an M2M application with an organization or user

Link to this section

If you want, you can use M2M applications similar to API keys to enable access to various endpoints and tie them to an organization or user. For example, you add the organization code as a custom property on the M2M application, then fetch any data you’d like to include in the token.

Workflow code

Link to this section

The event object

Link to this section

The main argument provided to your code is the Kinde workflow event object which has two keys request and context. This gives you access to the reason the workflow was triggered. Here’s an example:

{
  "request": {
    "auth": {
      "audience": ["<EXAMPLE_API>"]
    },
    "ip": "192.168.0.1"
  },
  "context": {
    "domains": {
      "kindeDomain": "https://example.kinde.com" // Your Kinde domain
    },
    "application": {
        "clientId": "299627bd8bfa493f8b17e6aec8ebfb86" // the M2M application ID
    },
    "workflow": {
        "trigger": "m2m:token_generation"
    }
}


### Workflow settings


```jsx
export const workflowSettings = {
  id: "m2mTokenGeneration",
  name: "M2M custom claims",
  failurePolicy: {
    action: "stop",
  },
  trigger: "m2m:token_generation",
  bindings: {
    "kinde.m2mToken": {}, // required to modify M2M access token
    "kinde.fetch": {}, // Required for external API calls
    "kinde.env": {}, // required to access your environment variables
    url: {}, // required for url params
  },
};

M2M token binding

Link to this section

The kinde.m2mToken binding is used to modify claims in the generated access token.

A simple example

Link to this section
kinde.m2mToken.setCustomClaim("hello", "world");

An advanced example using Kinde API to correlate an organization to an M2M application.

Link to this section
import { createKindeAPI } from "@kinde/infrastructure";


export const workflowSettings = {
  id: "m2mTokenGeneration",
  name: "M2M custom claims",
  failurePolicy: {
    action: "stop",
  },
  trigger: "m2m:token_generation",
  bindings: {
    "kinde.m2mToken": {}, // required to modify M2M access token
    "kinde.fetch": {}, // Required for external API calls
    "kinde.env": {}, // required to access your environment variables
    url: {}, // required for url params
  },
};


export default async function handleM2M(event) {


  // Get a token for Kinde management API
  const kindeAPI = await createKindeAPI(event);


  // Call Kinde applications properties API
  const { data } = await kindeAPI.get({
    endpoint: `applications/${event.context.application.clientId}/properties`,
  });
  const {appProperties} = data;


  // Get the org code property to make the correlation
  const orgCode = appProperties.find(prop => prop.key === 'org_code');


  // Get org data from Kinde management API
  const { data: org } = await kindeAPI.get({
    endpoint: `organization?code=${orgCode.value}`
  });


  // Use the data to set the org data on the M2M token
  kinde.m2mToken.setCustomClaim('orgName', org.name);
  kinde.m2mToken.setCustomClaim('orgCode', org.code);
};

Related articles

Useful links

  • Join the community

    Get support from the Kinde team and expert users in the Kinde community

    Join via Slack or Discord

  • Contact support

    Chat to support through the Kinde help widget, or send a question via email

    Send an email