M2M support for Third-Party Apps#1202
Merged
Merged
Conversation
lrzhou25
reviewed
May 18, 2026
…curity-controls.mdx Co-authored-by: Lucy Zhou <141781699+lrzhou25@users.noreply.github.com>
…curity-controls.mdx Co-authored-by: Lucy Zhou <141781699+lrzhou25@users.noreply.github.com>
…curity-controls.mdx Co-authored-by: Lucy Zhou <141781699+lrzhou25@users.noreply.github.com>
lrzhou25
reviewed
May 19, 2026
lrzhou25
previously approved these changes
May 20, 2026
avanscoy
reviewed
May 20, 2026
| **Requirements and constraints:** | ||
|
|
||
| - The application must be a confidential client (`token_endpoint_auth_method` must not be `none`). | ||
| - [Organizations](/docs/manage-users/organizations): Machine-to-machine access with Organizations is supported. An explicit [organization client grant](/docs/manage-users/organizations/organizations-for-m2m-applications/configure-your-application-for-m2m-access) is required for each organization. The `allow_any_organization` option is not permitted for third-party applications. Default client grants for third-party applications cannot be used to configure `organization_usage`. |
Contributor
There was a problem hiding this comment.
This bullet point doesn't match the style of the others and seems unbalanced. Either updated this bullet point to be similar:
- An explicit Organization client grant is required for each Organization.
Or update the others:
- Client-type: The application must be a confidential client
avanscoy
reviewed
May 20, 2026
|
|
||
| **Extensibility:** | ||
|
|
||
| - [Actions](/docs/customize/actions) with the `credentials-exchange` trigger execute normally. |
Contributor
There was a problem hiding this comment.
Awkward to read. This falls under requirements and constraints, so suggestion:
- Configure the Auth0 Actions
credential-exchangetrigger
avanscoy
approved these changes
May 20, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
References
Checklist
CONTRIBUTING.md.