Kinde · 7mo ago
andro

Org-scoped M2M tokens?

I'm looking to implement programmatic API access for our users so that they can set up org-scoped tokens on their own (for CI/CD, for example). Is there any way to set this up?
22 Replies
andro (OP) · 7mo ago
Or even just API keys associated with a given user/their org
Oli - Kinde · 7mo ago
Hey @andro, we are currently building a feature to add M2M token scopes (permissions), see here: https://updates.kinde.com/board/machine-to-machine-application-tokens-api-scopes. Would this solve your use case?
M2M token scopes (permissions)
Oli - Kinde · 7mo ago
You can give users access to API keys with your registered API with Kinde, see here: https://docs.kinde.com/developer-tools/kinde-api/access-to-your-api/#via-app-keys
Kinde docs: Give others access to your API
andro (OP) · 7mo ago
Yeah, this could work given M2M token roles, but I don't want "scopes" (I think, in the terminology used); I want roles which assign permissions.
Oli - Kinde · 7mo ago
Understood. In the meantime, you could add feature flag values to an M2M token, and treat those feature flag values as an M2M token role.
Oli - Kinde · 7mo ago
I can help you further if you can explain more about your use case for roles in the M2M token. Roles are always, and should always be, associated with a user. An M2M token should always be associated with a machine. So M2M roles do not make sense (architecturally), since there shouldn't be any user associated with an M2M token.
andro (OP) · 7mo ago
What I'm really looking to do is build "personal access tokens" that are associated with a given organization (so more like "organization access tokens"), i.e. token exchange would occur with a client ID/secret instead of username/password.
Oli - Kinde · 7mo ago
Understood. In that case, I would suggest creating an API key per org as per the details here: https://docs.kinde.com/developer-tools/kinde-api/access-to-your-api/#via-app-keys, and giving M2M roles with the feature flag workaround mentioned above.
Kinde docs: Give others access to your API
andro (OP) · 7mo ago
Thanks. Is there any ETA on M2M token permissions? I see it is "now", but any insight into what that means?
Oli - Kinde · 7mo ago
M2M token permissions should be live within the next 2 weeks.
andro (OP) · 7mo ago
Thanks, I'll just wait it out then. Any way to sign up for updates on this? Great product you all have!
Oli - Kinde · 7mo ago
You can be notified when the feature is live by subscribing here: https://updates.kinde.com/board/machine-to-machine-application-tokens-api-scopes
M2M token scopes (permissions)
Oli - Kinde · 7mo ago
Thanks for the feedback
andro (OP) · 7mo ago
Thanks
Oli - Kinde · 7mo ago
No worries
Oli - Kinde · 7mo ago
Hey @andro, the API scopes feature mentioned above is actually now live. You can read details about how to use the feature here: https://docs.kinde.com/developer-tools/kinde-api/custom-api-scopes/#_top. Let me know if you have any questions.
Kinde docs: Secure your API using scopes
nerdalert · 7mo ago
I have a similar question. I need each tenant in my system (Organization) to be able to generate an access token via an API call, to then use to call other API endpoints I have that restrict them to their tenant via OrgCode.
andro (OP) · 7mo ago
I wasn't able to get the Kinde-native system working the way I wanted, so I just wrote my own with a similar structure to GitHub PATs.
Oli - Kinde · 7mo ago
Hey @mfraser, are you able to elaborate a bit more on your use case? In your comment above, is "each tenant" a machine representing an organization? Hey @andro, I am keen to understand more about what went wrong and why you weren't able to get Kinde working the way you wanted, if you are able to share.
andro (OP) · 7mo ago
1) There's no easy way to tie the token to an org specifically.
2) I don't want to pay for scopes when I just want the same permissioning as I give users.
3) It would be ideal for API key users to not have to go through the token exchange flow.
nerdalert · 7mo ago
Andro's response numbers 1 and 3 nail it; not sure if paying for scopes would even solve the problem. We plan on having hundreds if not more companies integrating with our platform via our APIs to manage their data, and without an easy way to tie the token to an org, things become much more complicated.
andro (OP) · 7mo ago
Right, at that point it makes sense for me to just implement it myself. Provides a better flow for my users as well.