Application limit

i.kobeissy · April 11, 2025, 12:29am

Hello

I’m building and API using Kong as a gateway and Auth0 as OIDC, users of the api should issue oauth2 tokens to access the api, so I have to provide a unique client_id/client_secret per user. So I need to create an auth0 application for each of my users and then they can issue client credentials token.

My question is that with a B2C Essential license do I have any limit on the total number of applications that we can create ? Also is there a better way to handle my usecase without creating an app per user ?

Thanks in advance

rueben.tiow · April 11, 2025, 3:47pm

Hi @i.kobeissy,

Welcome to the Auth0 Community!

Yes, the B2C essentials plan has a limit of 100 applications. If you haven’t, I recommend reviewing our Entity Limit Policy documentation.

Just to clarify, the client credentials flow is used for non-user-based authentication, where an M2M app can call APIs on its own behalf rather than on behalf of a user. Because your use case is user-based, we have to use something other than the client credentials flow.

As an alternative, one option you might try is to call your API using the authorization code flow. In this approach, there would only one application and one API, which avoids needing to create an app per user. Users authenticating to your app will have permissions assigned to them through the API. The users are granted access if they have the required scopes during the login process.

Let me know what you think about this.

Thanks,
Rueben

i.kobeissy · April 12, 2025, 8:17pm

Thanks for the answer,
but maybe i wasn’t clear, my use case is not user-based authentication, my api will be called by another software so it’s non-user-based and this is why i want to use client credentials.
Also since there’s a limitation on the M2M tokens, i want to use regular web applications.

Regards

rueben.tiow · April 14, 2025, 9:45pm

Hi @i.kobeissy,

Thanks for the reply.

In this case, the client credentials flow could be suitable.

One thing to keep in mind is that M2M tokens are only issued for the client credentials grant. This means that regardless of whether it is an M2M or regular web app, the M2M auth quota increments when requesting access tokens with the client credentials flow.

Add to this the fact that there is a 100-application limit, this might be challenging to scale if you have more than 100 “users”.

There are some options to work around this. The first option is to upgrade to an Enterprise subscription plan, which removes this 100-application limit.

The next possible option is to use one API and share its client_id/client_secret with the other “users” who need access to this API. This might be possible if you don’t need to provide a unique client_id/client_secret per user.

Kind regards,
Rueben

Topic		Replies	Views
M2M Applications - Client credentials flow so a user can consume an API with a secret key Get Help machine-to-machine	3	4314	July 23, 2020
Application limits in an Auth0 tenant Get Help	4	3430	November 12, 2020
Limit on number of 3rd-party client applications Get Help	3	4295	August 28, 2019
API credentials for clients in a multi-tenant setup Get Help multi-tenant , m2m	5	4734	June 28, 2022
How many M2M app can be created in Auth0 developers account Get Help	7	2471	March 25, 2021

Application limit

Related topics