How to add custom claims to client_credentials grant access token

For the Auth Code flow, we can add custom claims in the access / id token when accepting the Consent.
How can we add custom claims when issuing a token through the client_credentials grant.
The use case is that I want to fetch permissions from the database for the client service and store them in the token so that the service’s permissions can be verified by the API just like it verifies the user’s permissions from the token that were stored in the token when the consent was accepted.

As far as I see, the consent endpoint and UI is not used with the client_credentials grant type. Please let me know if I am missing something here.
To get the token with client_credentials grant, I make the following request:

curl --location --request POST 'localhost:10000/oauth2/token' --header 'Content-Type: application/x-www-form-urlencoded' --data-urlencode 'grant_type=client_credentials' --data-urlencode 'client_id=sample-client-backend' --data-urlencode 'client_secret=Syz0bSDiwForUHLV~SxTUPKG-D'

How is the consent flow involved here?

Ah sorry, I misread - yes that is currently not possible, see:

Okay, thank you. Seems like a long discussion there.
Now, I am trying to use the authorization server containing the consent/login flows to work as a proxy for Hydra. So when a client_credentials token is requested, it takes the response from Hydra and modifies the token and then returns it.

1 Like