Import M2M Clients from Auth0

Stytch's M2M Authentication supports importing clients from other platforms like Auth0. Use Stytch to import pre-existing client_ids, client_secrets, and assigned scopes without any data transformations or downtime.

Before you start

In order to complete this guide, you'll need the following:

  • A Stytch B2B project. If you don't have one already, in the Dashboard, click on your existing project name in the top left corner of the Dashboard, click Create a new project, and then select B2B Authentication.
  • The project Test environment's project_id and secret from the API keys section. You'll need to pass these values into the Authorization request header for every Stytch API call.
  • Existing clients stored in a different M2M service.

Step 1: Access your existing client

First, access your existing client wherever it is stored. For this guide, we'll use Auth0 as an example.

On Auth0 and under Applications, select an already created M2M client.

Auth0 client

You'll need to find and copy the client's values that correspond to the following Stytch M2M Client fields:

  • client_id
  • client_secret

Step 2: Import the client via API or the Dashboard UI

In this guide, you'll use the Dashboard UI to do the import.

In the Dashboard, navigate to M2M Clients and then click the Import button. A popup modal will appear prompting you to enter the client ID and secret.

Import client to Stytch

Enter the client's values you copied from Step 1 and click Import.

Step 3: Add any additional metadata

After the import, you can update the M2M Client with additional metadata like client_name and client_description.

Edit M2M client

More importantly, you can transfer any previously defined scopes during this step. In Auth0, navigate to your client's permissions and record the scopes you want to transfer.

Auth0 permissions

Then in Stytch, scroll down to the Scopes section of the newly imported M2M Client and click + Add scopes. A popup modal will appear prompting you to type in the scopes and separate them by a single space.

Import scopes

Click Save when you've finished editing the M2M Client.

Step 4: Validate the access token's payload

To confirm a successful import, issue an access token for the M2M Client and decode the JWT.

{
  "aud": [
    "{PROJECT_ID}"
  ],
  "exp": 1693492107,
  "iat": 1693488507,
  "iss": "stytch.com/{PROJECT_ID}",
  "nbf": 1693488507,
  "scope": "read:users update:users",
  "sub": "lJJsWpAmd42q0EEJHJoSAxTPzdgpzF0i"
}

The access token's payload and standard claims should show the following data:

  • The iss and sub match or contain your project_id.
  • The scope matches the scopes you entered in Step 3.
  • The sub matches the client_id you imported from Steps 1 and 2.

If the criteria are met, your M2M Client has successfully been imported to Stytch.