Auth0 · Arazzo Workflow

Auth0 Create Client and Grant Access to an Existing API

Version 1.0.0

Create a client application, grant it access to an existing API audience, then read the grant back.

1 workflow 1 source API 1 provider
View Spec View on GitHub AI AgentsAuthenticationAuthorizationFGAIdentity ManagementMCPOAuthOktaOpenID ConnectSAMLSecuritySCIMArazzoWorkflows

Provider

auth0

Workflows

create-client-grant-to-api
Create a client and authorize it for an existing API audience.
Creates a client, creates a client grant for the supplied audience with the requested scopes, and reads the grant back to verify.
3 steps inputs: audience, clientName, scope outputs: clientId, grant, grantId
1
createClient
post_clients
Create a new client application.
2
createGrant
post_client-grants
Authorize the client for the supplied API audience with the requested scopes.
3
getGrant
get_client-grant
Read the client grant back to confirm it was created.

Source API Descriptions

openapi
auth0ManagementApi https://raw.githubusercontent.com/api-evangelist/auth0/refs/heads/main/openapi/auth0-management-api-openapi.yml

Arazzo Workflow Specification

auth0-create-client-grant-to-api-workflow.yml Raw ↑ 
arazzo: 1.0.1
info:
  title: Auth0 Create Client and Grant Access to an Existing API
  summary: Create a client application, grant it access to an existing API audience, then read the grant back.
  description: >-
    Authorizes a new application against an API that already exists. The
    workflow creates a client application, creates a client grant binding it to
    the supplied existing API audience with the requested scopes, and reads the
    grant back to confirm. Each step spells out its request inline so the flow
    can be read and executed without opening the underlying OpenAPI description.
  version: 1.0.0
sourceDescriptions:
- name: auth0ManagementApi
  url: ../openapi/auth0-management-api-openapi.yml
  type: openapi
workflows:
- workflowId: create-client-grant-to-api
  summary: Create a client and authorize it for an existing API audience.
  description: >-
    Creates a client, creates a client grant for the supplied audience with the
    requested scopes, and reads the grant back to verify.
  inputs:
    type: object
    required:
    - clientName
    - audience
    properties:
      clientName:
        type: string
        description: Name for the client application.
      audience:
        type: string
        description: The existing API identifier (audience) to grant access to.
      scope:
        type: array
        description: Scopes the client grant should allow for this audience.
        items:
          type: string
  steps:
  - stepId: createClient
    description: >-
      Create a new client application.
    operationId: post_clients
    requestBody:
      contentType: application/json
      payload:
        name: $inputs.clientName
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      clientId: $response.body#/client_id
  - stepId: createGrant
    description: >-
      Authorize the client for the supplied API audience with the requested
      scopes.
    operationId: post_client-grants
    requestBody:
      contentType: application/json
      payload:
        client_id: $steps.createClient.outputs.clientId
        audience: $inputs.audience
        scope: $inputs.scope
    successCriteria:
    - condition: $statusCode == 201
    outputs:
      grantId: $response.body#/id
  - stepId: getGrant
    description: >-
      Read the client grant back to confirm it was created.
    operationId: get_client-grant
    parameters:
    - name: id
      in: path
      value: $steps.createGrant.outputs.grantId
    successCriteria:
    - condition: $statusCode == 200
    outputs:
      grant: $response.body
  outputs:
    clientId: $steps.createClient.outputs.clientId
    grantId: $steps.createGrant.outputs.grantId
    grant: $steps.getGrant.outputs.grant