customize m2mToken by adding application properties

[Upatric]

Explain your changes

I added an example illustrating how to customize the m2mToken by incorporating application properties.

Summary by CodeRabbit

• New Features
  • M2M tokens now include all application properties as claims, enabling downstream services to access this information directly from the token.

[coderabbitai]

Walkthrough

A new workflow module for M2M token generation has been introduced. This workflow fetches application properties from the Kinde API and adds them as claims to the generated M2M token. It is configured with specific settings and relies on environment variables and Kinde infrastructure services.

Changes

File(s)	Change Summary
m2mToken/addApplicationPropertiesToM2MWorkflow.ts	New workflow module for M2M token generation; fetches application properties and adds them as token claims.

Sequence Diagram(s)

sequenceDiagram
    participant Event as onM2MTokenGeneratedEvent
    participant Workflow as addApplicationPropertiesToM2MWorkflow
    participant KindeAPI as Kinde API

    Event->>Workflow: Trigger M2M token generation
    Workflow->>KindeAPI: Fetch application properties (using client ID)
    KindeAPI-->>Workflow: Return application properties or error
    Workflow->>Workflow: Add properties as 'allAppProperties' claim to token
    Workflow-->>Event: Complete workflow

Loading

Poem

A token is born, with claims it will grow,
Application secrets, now in tow.
Properties fetched from Kinde’s domain,
Added to tokens, a clever gain.
Hopping along, the workflow’s delight—
Secure little tokens, ready for flight! 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Explain this complex logic.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai explain this code block.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and explain its main purpose.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 2

🧹 Nitpick comments (3)

m2mToken/addApplicationPropertiesToM2MWorkflow.ts (3)

10-11: Workflow ID should be globally unique

id: "m2mTokenGeneration" is generic and may collide with other sample workflows.
Use a namespaced identifier such as "addAppPropsToM2M" to avoid deployment conflicts.

---

40-44: Narrow value type to serialisable primitives

JWT claims must be JSON-serialisable. Typing value as any can hide functions, Dates, etc., leading to runtime serialisation errors.
Suggest restricting to string | number | boolean | null.

---

68-70: Token bloat and potential leakage

Even after the type fix, embedding all application properties may create oversized tokens or leak internal descriptions/IDs.
Consider whitelisting required keys, or trimming large values before assignment.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7ebe3fb and b6ddbcf.

📒 Files selected for processing (1)

• m2mToken/addApplicationPropertiesToM2MWorkflow.ts (1 hunks)

🔇 Additional comments (1)

m2mToken/addApplicationPropertiesToM2MWorkflow.ts (1)

16-22: Binding "url" looks unintended

All other bindings follow the kinde.* namespace. Unless the runtime actually injects a plain url, this entry does nothing and may confuse maintainers. Consider removing or renaming to the correct binding key.

[coderabbitai]

🛠️ Refactor suggestion

Error handling contradicts failurePolicy: "stop"

Catching every error and only logging means the workflow silently succeeds, overriding the declared stop-on-failure policy.
If fetching properties is business-critical, re-throw after logging (or return a WorkflowError) so Kinde halts token issuance. Otherwise, switch failurePolicy to continue.

🤖 Prompt for AI Agents

In m2mToken/addApplicationPropertiesToM2MWorkflow.ts around lines 53 to 64, the
current error handling catches all errors and only logs them, which contradicts
the workflow's failurePolicy set to "stop". To fix this, after logging the
error, re-throw the caught error or throw a WorkflowError to ensure the workflow
halts token issuance as intended. Alternatively, if silent failure is
acceptable, update the failurePolicy to "continue" to match the current
behavior.

[coderabbitai]

⚠️ Potential issue

Type mismatch: array assigned where Record<string, any> expected

m2mToken.allAppProperties is declared as Record<string, any> but you pass an ApplicationProperty[].
This will not compile and—even if coerced—emits a claim format that downstream consumers won’t expect.

-  // Filter and process properties before assigning to token
-  m2mToken.allAppProperties = appProperties;
+  // Convert array → key/value map and strip internal metadata
+  m2mToken.allAppProperties = Object.fromEntries(
+    appProperties.map(({ key, value }) => [key, value]),
+  );

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	interface ApplicationPropertiesClaim {
	allAppProperties: Record<string, any>;
	}
	export default async function Workflow(event: onM2MTokenGeneratedEvent) {
	let appProperties: ApplicationProperty[] = [];
	try {
	const kindeAPI = await createKindeAPI(event);
	const { clientId } = event.context.application;
	const { data } = await kindeAPI.get({
	endpoint: `applications/${clientId}/properties`,
	});
	appProperties = data.properties ?? [];
	} catch (err) {
	console.error("Unable to fetch application properties", err);
	// Optionally: decide whether to rethrow based on business rules
	}
	const m2mToken = m2mTokenClaims<ApplicationPropertiesClaim>();
	// Filter and process properties before assigning to token
	m2mToken.allAppProperties = appProperties;
	}
	interface ApplicationPropertiesClaim {
	allAppProperties: Record<string, any>;
	}
	export default async function Workflow(event: onM2MTokenGeneratedEvent) {
	let appProperties: ApplicationProperty[] = [];
	try {
	const kindeAPI = await createKindeAPI(event);
	const { clientId } = event.context.application;
	const { data } = await kindeAPI.get({
	endpoint: `applications/${clientId}/properties`,
	});
	appProperties = data.properties ?? [];
	} catch (err) {
	console.error("Unable to fetch application properties", err);
	// Optionally: decide whether to rethrow based on business rules
	}
	const m2mToken = m2mTokenClaims<ApplicationPropertiesClaim>();
	// Convert array → key/value map and strip internal metadata
	m2mToken.allAppProperties = Object.fromEntries(
	appProperties.map(({ key, value }) => [key, value]),
	);
	}

🤖 Prompt for AI Agents

In m2mToken/addApplicationPropertiesToM2MWorkflow.ts around lines 48 to 70, the
code assigns an array of ApplicationProperty objects to
m2mToken.allAppProperties, which expects a Record<string, any>. To fix this,
transform the appProperties array into an object mapping property keys to their
values before assignment, ensuring the assigned value matches the expected
Record<string, any> type and maintains the correct claim format.

Prematurely approved

[DaveOrDead]

Hey @Upatric thanks so much for the PR - could you add an entry in the readme.md file where we list out all the examples?