Skip to content
rw3iss Auth

M2MClientRecord

M2MClientRecord

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts

One registry row, as returned by GET /admin/m2m-clients[/{id}]. The secret is NEVER present on reads — it’s emitted exactly once, inside CreateM2MClientResponse.

Properties

allowed_audiences

allowed_audiences: string[]

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts

Advisory: which services this credential is intended for. Receiving services enforce scopes; audiences document intent.


client_id

client_id: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts

Stable caller-chosen identifier, e.g. “claimleo-svc”.


created_at

created_at: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts


created_by?

optional created_by?: string | null

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts

User id of the admin who minted the client.


description?

optional description?: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts


id

id: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts


last_used_at?

optional last_used_at?: string | null

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts


name

name: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts


revoked_at?

optional revoked_at?: string | null

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts


scopes

scopes: string[]

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts

Granted scope catalog (resource:action strings). The scopes claim on minted service tokens is this set (or the grant request’s narrower subset).


status

status: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts

‘active’ | ‘disabled’ (soft-revoked rows are filtered out of list responses server-side).


updated_at

updated_at: string

Defined in: @rw3iss/auth-shared/src/dto/m2m.ts