M2m tokens from Management API not free? Please check my configuration please

constantinos · April 23, 2020, 1:15pm

I am reading that Management API access tokens do not count in the quota.

In my usage report for April I see that there’s 6 calls for m2m tokens . I am trying to understand where these came from.

Will these count in the 1,000 quota in the end of the month? Or not, because they were calls for the Management API really.

Please find my setup below:

Apps I have in my tenant

The “hasura” app is used as an audience in my front-end in the “auth0-spa-js” lib. The Hasura docs state:

In case you are using auth0-spa-js, you also need to create an API so that the access token issued by Auth0 is following the JWT standard. Read more about this here.

source: Quickstart | Hasura GraphQL Docs

The EditUser app is used to get tokens from the Management API, which are then used in serverless functions to update the users profile information.

Based on this configuration, why are m2m tokens counted in the quota? (6 for April, as shown in the image above)

I am trying to understand whether I will keep using Auth0, because if these tokens do count in the quote, and my configuration is fine, then it will get very expensive for us if we have to get on the Developer Pro plan in case we go over the limit.

Should I be using the Client Id of the Management API app instead? And not the one from the EditUser app?

dan.woda · April 23, 2020, 7:20pm

Hi @constantinos,

Thanks for reaching out! It looks like a few of the screenshots you added are dead. Could you please edit your post so we can check it out?

Thanks,
Dan

constantinos · April 24, 2020, 7:27pm

@dan.woda the post is now edited. Let me know if theres still a problem.

dan.woda · April 24, 2020, 8:42pm

Thanks! I’ll take a look now.

dan.woda · April 24, 2020, 8:53pm

According to this post, tokens scoped for internal APIs (the management API), should not count towards the quota:

So this is likely a token that is being issued for a client credentials grant that is not intended for the management API. Does that make sense?

If you want to be 100% sure, please inquire with the sales team. They have the final say on quota and pricing questions.

constantinos · April 25, 2020, 7:18am

@dan.woda in my usage reports I can now see the daily consumption also. It wasnt available before.

It seems that the hasura API is the one that was causing this issue.

I changed the audience in my front end to reference the Management API directly e.g. [tenant].auth0.com/api/v2

Let me know if you see any problems with this.

I hope this is fixed now.

dan.woda · April 27, 2020, 7:35pm

@constantinos,

Are you calling your API with those tokens? Why do you need an audience at all?

Also, this doc talks about management API tokens (essentially the tokens you are requesting):

Hope this helps,
Dan

constantinos · April 28, 2020, 7:04am

@dan.woda I explained why in my initial post

I am using Hasura in the backend and their docs state:

In case you are using auth0-spa-js, you also need to create an API so that the access token issued by Auth0 is following the JWT standard. Read more about this here.

Link to their docs: Quickstart | Hasura GraphQL Docs

I dont understand this 100% though. Can you explain why the audience is needed?

constantinos · April 28, 2020, 7:11am

Not sure if related, but in Auth0 I have a rule that adds custom claims in the access token that hasura uses in the backend for authorisation. Maybe thats why the audience is needed?

Without the audience I dont get a valid token.

dan.woda · April 28, 2020, 5:28pm

That is why, the hasura app is looking for those custom claims in the access token. If you don’t add an audience, you will get an opaque token.

dan.woda · May 12, 2020, 9:28pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.