auth0-python

Client credentials flow: organisation parameter is ignored

Open alfechner opened this issue 1 year ago • 1 comments

Checklist

  • [X] I have looked into the Readme and Examples, and have not found a suitable solution or answer.
  • [X] I have looked into the API documentation and have not found a suitable solution or answer.
  • [X] I have searched the issues and have not found a suitable solution or answer.
  • [X] I have searched the Auth0 Community forums and have not found a suitable solution or answer.
  • [X] I agree to the terms within the Auth0 Code of Conduct.

Description

The organization parameter of the client_credentials flow is ignored.

From the docstring:

organization (str, optional): Optional Organization name or ID. When included, the access token returned will include the org_id and org_name claims

However, if I pass the organization id it's ignored and neither org_id nor org_name shows up in the token.

I'm wondering if I need to assign the client app to an organization first but there is no way to do that nor did I find anything related in the docs.

Reproduction

  1. Generate a token using client_credentials flow and pass a valid org id via the organization parameter.
  2. Decrypt the token using e.g. jwt.io.
  3. The claims org_id and org_name are missing

Additional context

No response

auth0-python version

4.7.1

Python version

3.12

alfechner, May 18 '24 11:05

Hi @alfechner, just wanted to follow up here after verifying this behavior.

We tested the client_credentials flow using the SDK and passed the organization parameter. As long as the client is properly assigned to the organization in the Auth0 dashboard, and the audience (API) is authorized, the resulting token correctly includes the org_id claim.

This suggests the SDK is working as expected, and the issue may be related to tenant configuration. You can check:

  • The client application is assigned to the organization under Organizations → [Org] → Applications.
  • The API (audience) is authorized for that application.
  • The organization parameter passed in the SDK matches the org ID exactly.

If you're still running into issues after checking that, feel free to share the request payload you're using (with sensitive data redacted), and we’d be happy to take another look.

Thanks again for raising this!

kishore7snehil, Jun 05 '25 16:06
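
One way to run the checks from the reply above against a token you already have, as an added example that is not part of the original thread or the SDK's own code. It decodes the JWT payload locally without verifying the signature (diagnosis only, not an authorization check) and compares org_id/org_name with the value passed as organization; the function names and sample tokens are constructed for illustration.

```python
from __future__ import annotations
import base64
import json


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned stand-in for an access token (sample data only)."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{_b64url(json.dumps(claims).encode())}.constructed-signature"


def decode_claims(token: str) -> dict | None:
    """Return the JWT payload WITHOUT verifying the signature; None if not a JWT."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque token, or the wrong value was pasted
    try:
        raw = base64.urlsafe_b64decode(parts[1] + "=" * (-len(parts[1]) % 4))
        claims = json.loads(raw)
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    return claims if isinstance(claims, dict) else None


def check_org_claims(token: str, organization: str) -> list[str]:
    """Compare the token's org claims with the value passed as `organization`."""
    claims = decode_claims(token)
    if claims is None:
        return ["token is not a decodable JWT"]
    org_id, org_name = claims.get("org_id"), claims.get("org_name")
    if org_id is None and org_name is None:
        return ["no org_id/org_name claim: check that the application is assigned "
                "to the organization and that the API is authorized for it"]
    # The docstring allows an organization name or ID, so accept either claim.
    if organization not in (org_id, org_name):
        return [f"organization mismatch: requested {organization!r}, "
                f"token has org_id={org_id!r}, org_name={org_name!r}"]
    return []


# Constructed sample tokens; in practice pass the access_token string returned by the SDK.
BASE = {"iss": "https://tenant.example/", "aud": "https://api.example/"}
WITH_ORG = make_sample_token({**BASE, "org_id": "org_EXAMPLE123"})
WITHOUT_ORG = make_sample_token(BASE)

if __name__ == "__main__":
    for label, tok in (("with org", WITH_ORG), ("without org", WITHOUT_ORG)):
        print(label, check_org_claims(tok, "org_EXAMPLE123") or "OK")
```

An API that relies on org_id for tenant separation still has to verify the token signature and the claim itself; an empty result here only means the claim is present and matches.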

Closing this issue due to inactivity.

kishore7snehil, Jul 02 '25 16:07