Feature: Provide a short title of your feature request/feedback. Allow cache and rate limiting by client id for m2m token authentication endpoints. Description: Give us some details about your feedback/feature request. Examples, screenshots, videos, etc. are helpful. This is a similar ask related…

Hi there, can you share the details of how you did it?

@dayeye2006 I am interested in how you handled this issue. We are considering a similar solution. Did you end up caching your third-party clients tokens and also rate limiting their requests?

@konrad.sopala Are you able to provide an update on this request? Or suggestions for mitigating the concerns raised?

Roughly I am doing things like below: def get_token(client_id, client_secret): cached_token = cache.get(client_id) if is_expire(cached_token): token = call_auth0(client_id, client_secret) cache.put(client_id, token) else: token = cached_token return token cc @fpmoraes …

@dayeye2006 Nice job, Can we do that in auth0 hook? We can’t really work by auth 0 M2M by this pricing model!

Not being able to cache M2M tokens or to rate-limit the generation of these tokens by application is a real show-stopper for us. We wanted to open up our APIs to partners, but this is impossible in the current state. Within a few minutes, one single partner/customer can block the APIs for everyone …

If we have a solution where we use the REDIS cache and then throw an error when we hit the specific limit that we set. Does the token usage only increment on successful passes or does it count for each invocation of the API?

Thanks, Konrad; To be frank, this seems like a big - huge - gaping hole in the feature offering of Auth0. Who wouldn’t be interested in this improvement? In a world where we pay for tokens – this is a problem that every user of tokens has to solve, there is no way around it. This has to be a DRY vi…

Is there a way to use actions caching to accomplish this? We are having serious issues with B2B partners blowing through our M2M token quotas because we have no way to rate limit. Looking through the docs on the M2M flow, it isn’t clear to me how one would go about fetching a cached access token and…

Hey @chris45 , We don’t currently have a solution for this. The “caching in actions” that just rolled out is entirely unrelated and covers caching external resources within an action. (e.g. caching a token you retrieve from Slack). It doesn’t control issuing tokens to your clients.

Add rate limiting and cache for m2m token authentication endpoints

Product Feedback

Topic		Replies	Views
Please provide a built-in solution to rate-limit and cache M2M authentication tokens Get Help rate-limit , m2m , m2m-tokens	10	5664	August 17, 2023
Caching M2M tokens (not ManagementClient) Get Help auth0js , sdks-quickstarts	11	2013	July 11, 2024
Caching M2M access token in Actions Get Help management-api , actions-management-api	11	8057	November 22, 2023
Enforce limits of M2M tokens on applications Get Help apis , application	6	1696	June 3, 2025
Auth0 Rate Limit /oauth/token endpoint - Custom actions or Hooks Get Help management-api , clients	10	1808	June 21, 2023

Add rate limiting and cache for m2m token authentication endpoints

Related topics