Skip to content

fix: pass resource param in M2M token request for JWT issuance#8

Merged
raghavyuva merged 1 commit intomainfrom
fix/m2m-token-resource-param
Apr 8, 2026
Merged

fix: pass resource param in M2M token request for JWT issuance#8
raghavyuva merged 1 commit intomainfrom
fix/m2m-token-resource-param

Conversation

@raghavyuva
Copy link
Copy Markdown
Contributor

@raghavyuva raghavyuva commented Apr 8, 2026

Summary

  • getM2MToken() was not passing the resource parameter in the client_credentials token request
  • Without resource, the auth service returns an opaque token instead of a JWT
  • The Nixopus API requires a JWT for M2M auth validation via JWKS, so opaque tokens silently fail and fall through to session auth (401)
  • Now passes config.apiUrl as resource so the token is issued as a JWT with the correct audience

Test plan

  • Ensure API_URL is set in the agent's environment (e.g. https://api.nixopus.com/api or http://nixopus-api:8443)
  • Ensure the API URL is included in M2M_AUDIENCES on the auth service
  • Fire an incident event and verify the agent successfully calls back to the API (no more 401)

@raghavyuva
fix: pass resource param in M2M token request for JWT issuance
54b6f1e 
Without the resource parameter, the auth service returns an opaque token
instead of a JWT. The API requires a JWT for M2M auth validation via JWKS.
Pass config.apiUrl as the resource so the token includes the correct
audience claim.
@raghavyuva raghavyuva merged commit 73376be into main Apr 8, 2026
1 check passed
@raghavyuva raghavyuva deleted the fix/m2m-token-resource-param branch April 8, 2026 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@raghavyuva