Add rate limiting and cache for m2m token authentication endpoints

john.fletcher · April 23, 2024, 1:29pm

Summary of this issue:

Auth0 sells a solution which offers no protection against (possibly external) developers from generating unlimited (?) costs on your account.
Only possible solution is to implement custom code around Auth0, negating the key value of SAAS.
Auth0 expected a solution in Q4 2023, then in Q2 2024, now… ?
Best practice solution is to move away from Auth0.

@konrad.sopala I would like to point out that this is not just nice-to-have, it’s a make-or-break issue, the lack of which - as you can read in various threads - is pushing customers away from your platform.

hegge · May 15, 2024, 7:28am

Hi @support! I see that both @konrad.sopala and @dan.woda hasn’t been seen in this forum for several months, so I figured out that one of you might post an update on the status here. The last posted target date here is Q2 2024, which we’re in right now. Any news on this?

tyf · May 15, 2024, 11:04pm

Hi all, apologize for the delayed response here:

Limit M2M Usage Per Client has been moved from Q2 2024 to Q4 2024 - I unfortunately don’t have an update with regards to caching.

We appreciate your patience and understanding.