chore(backend): Allow usage of machine secret key when listing M2M tokens (#7968)

Author: wobsoriano

.changeset/smooth-points-search.md

@@ -0,0 +1,14 @@
+---
+"@clerk/backend": patch
+---
+
+Allow usage of machine secret key when listing M2M tokens:
+
+```ts
+const clerkClient = createClerkClient();
+
+const m2mToken = await clerkClient.m2m.list({
+  machineSecretKey: 'ak_xxxxx',
+  subject: machineId,
+});
+```

packages/backend/src/api/__tests__/M2MTokenApi.test.ts

@@ -626,6 +626,35 @@ describe('M2MToken', () => {
       expect(response.totalCount).toBe(2);
     });
 
+    it('lists m2m tokens using machine secret key option', async () => {
+      const apiClient = createBackendApiClient({
+        apiUrl: 'https://api.clerk.test',
+      });
+
+      server.use(
+        http.get(
+          'https://api.clerk.test/m2m_tokens',
+          validateHeaders(({ request }) => {
+            expect(request.headers.get('Authorization')).toBe('Bearer ak_xxxxx');
+            const url = new URL(request.url);
+            expect(url.searchParams.get('subject')).toBe(machineId);
+            expect(url.searchParams.has('machineSecretKey')).toBe(false);
+            return HttpResponse.json(mockM2MTokenList);
+          }),
+        ),
+      );
+
+      const response = await apiClient.m2m.list({
+        machineSecretKey: 'ak_xxxxx',
+        subject: machineId,
+      });
+
+      expect(response.data).toHaveLength(2);
+      expect(response.data[0].id).toBe('mt_1xxxxxxxxxxxxx');
+      expect(response.data[1].id).toBe('mt_2xxxxxxxxxxxxx');
+      expect(response.totalCount).toBe(2);
+    });
+
     it('requires a machine secret or instance secret to list m2m tokens', async () => {
       const apiClient = createBackendApiClient({
         apiUrl: 'https://api.clerk.test',

packages/backend/src/api/endpoints/M2MTokenApi.ts

@@ -21,6 +21,10 @@ const basePath = '/m2m_tokens';
 export type M2MTokenFormat = 'opaque' | 'jwt';
 
 type GetM2MTokenListParams = ClerkPaginationRequest<{
+  /**
+   * Custom machine secret key for authentication.
+   */
+  machineSecretKey?: string;
   /**
    * The machine ID to query machine-to-machine tokens by
    */
@@ -108,11 +112,18 @@ export class M2MTokenApi extends AbstractAPI {
   }
 
   async list(queryParams: GetM2MTokenListParams) {
-    return this.request<PaginatedResourceResponse<M2MToken[]>>({
-      method: 'GET',
-      path: basePath,
-      queryParams,
-    });
+    const { machineSecretKey, ...params } = queryParams;
+
+    const requestOptions = this.#createRequestOptions(
+      {
+        method: 'GET',
+        path: basePath,
+        queryParams: params,
+      },
+      machineSecretKey,
+    );
+
+    return this.request<PaginatedResourceResponse<M2MToken[]>>(requestOptions);
   }
 
   async createToken(params?: CreateM2MTokenParams) {