Skip to content
rw3iss Auth

M2MClientRecord

M2MClientRecord

Defined in: dto/m2m.ts:21

One registry row, as returned by GET /admin/m2m-clients[/{id}]. The secret is NEVER present on reads — it’s emitted exactly once, inside CreateM2MClientResponse.

Properties

allowed_audiences

allowed_audiences: string[]

Defined in: dto/m2m.ts:33

Advisory: which services this credential is intended for. Receiving services enforce scopes; audiences document intent.


client_id

client_id: string

Defined in: dto/m2m.ts:24

Stable caller-chosen identifier, e.g. “claimleo-svc”.


created_at

created_at: string

Defined in: dto/m2m.ts:37


created_by?

optional created_by?: string | null

Defined in: dto/m2m.ts:42

User id of the admin who minted the client.


description?

optional description?: string

Defined in: dto/m2m.ts:26


id

id: string

Defined in: dto/m2m.ts:22


last_used_at?

optional last_used_at?: string | null

Defined in: dto/m2m.ts:39


name

name: string

Defined in: dto/m2m.ts:25


revoked_at?

optional revoked_at?: string | null

Defined in: dto/m2m.ts:40


scopes

scopes: string[]

Defined in: dto/m2m.ts:30

Granted scope catalog (resource:action strings). The scopes claim on minted service tokens is this set (or the grant request’s narrower subset).


status

status: string

Defined in: dto/m2m.ts:36

‘active’ | ‘disabled’ (soft-revoked rows are filtered out of list responses server-side).


updated_at

updated_at: string

Defined in: dto/m2m.ts:38