Introduction
If you've been using Descope for your B2B or B2C applications, then you are probably familiar with how authentication works and how it can be customized. However, when implementing authentication between two servers that you control, you can utilize Descope Access Keys for the machine-to-machine authentication. To configure these access keys, as well as set up M2M authentication, you can follow the steps listed below in this guide.
If you wish to use an OAuth Client Credential grant type instead of using Access Keys directly, you can read about how to use the respective OAuth 2.0 endpoints here
Setting up Access Keys
- You'll need to first create your access key. Head over to the Descope Console, and click on the + in the top right corner to create a new one.
- Once it's created, copy that access key to the clipboard for our use later on:
Each access key will contain the expiration duration you've set, along with any tenants or roles you and may have selected. The tenants and roles association work similarly to the user management.
- If you are using Node, Python, or Go SDKs then you can follow the steps here to exchange that access key for a JWT token. This JWT token is what will be used with the rest of your application, to valid that you are authenticated.
Example with Node.js:
const accessKey = "xxxx"
const resp = await descopeClient.exchangeAccessKey(accessKey)If you are not using any of the SDKs, you can also exchange your access key for a JWT, using the API listed here.
And that's it! In three simple steps, you can configure your access keys and authenticate your requests between various servers, with just a few simple lines of code.
It's important to protect your other server security layers and rotate the access keys often, as this form of authentication is extremely vulnerable to attackers if the access key is compromised.
If you have any questions or concerns about the use of Access Keys or M2M authentication, feel free to reach out to us!