docs: update the m2m example to have an optional UI

examples/express/with-m2m/README.md

@@ -37,14 +37,40 @@ OR
 ./assistant --help
 ```
 
-## Project structure (notable files/folders)
+## Project structure
+
+### Allowed call flows
+
+```
+                               ┌──────────────────────┐
+                               │                      │
+    ┌──────────────────────────►   Calendar Service   │
+    │                          │                      │
+    │                          └──────────┬───────────┘
+┌───┴─────┐                               │
+│         │                               │
+│ CLI     │                               │
+│         │                             xxxxx
+└───┬─────┘                               │
+    │                                     │
+    │                                     │
+    │                          ┌──────────▼───────────┐
+    │                          │                      │
+    └──────────────────────────►     Note Service     │
+                               │                      │
+                               └──────────────────────┘
+```
+
+### Notable files
 
 ```
-├── assistant-client
-    ├── eventFunctions.mjs The functions to interact with the calendar-service
-    ├── noteFunctions.mjs The functions to interact with the note-service
-    ├── getAccessToken.mjs The function to get the access token from the auth-service
-    ├── index.mjs The main function to run the assistant
+├── assistant-cli
+    ├── src/eventFunctions.ts The functions to interact with the calendar-service
+    ├── src/noteFunctions.ts The functions to interact with the note-service
+    ├── src/getAccessToken.ts The function to get the access token from the auth-service
+    ├── src/cli.tsx The main function to run the assistant
+    ├── src/ui/* The UI components for the assistant-cli
+
 
 ├── auth-provider-service
     ├── config.ts The configuration for SuperTokens
@@ -58,6 +84,14 @@ OR
     ├── index.ts Sets up the APIs for note-service (w/ token validation and a simple in-memory DB)
 ```
 
+## How it works
+
+In the example, we use the client credentials flow to obtain a token from the auth-provider-service and use it to call the APIs exposed by the calendar-service and note-service.
+
+It's important to note that we have to use the right audience for the API we are trying to call. In this example, the calendar-service is expecting the audience to be `calendar-service` and the note-service is expecting the audience to be `note-service`. If we didn't validate the audience and one of the services was compromised, a malicious actor could use the tokens the compromised service receives to call the APIs exposed by the other services and impersonate the assistant-cli.
+
+Setting minimal scopes and scope validation is similarly important, for example as a way to limit what a leaked/stolen token can be used for.
+
 ## Author
 
 Created with :heart: by the folks at supertokens.com.

examples/express/with-m2m/assistant

@@ -1,3 +1,4 @@
 #!/bin/bash
 
-node ./index.mjs $@
+cd assistant-cli
+npm run cli -- $@

examples/express/with-m2m/assistant-cli/.editorconfig

@@ -0,0 +1,12 @@
+root = true
+
+[*]
+indent_style = tab
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.yml]
+indent_style = space
+indent_size = 2

examples/express/with-m2m/assistant-cli/.gitattributes

@@ -0,0 +1 @@
+* text=auto eol=lf

examples/express/with-m2m/assistant-cli/.gitignore

@@ -0,0 +1,2 @@
+node_modules
+dist

examples/express/with-m2m/assistant-cli/.prettierignore

@@ -0,0 +1 @@
+dist