Are M2M tokens correct for this use case?

Hey all,

I was hoping to get some feedback on whether or not I’m approaching an authentication problem correctly. Currently, I have the basic Auth0 flow set up for logins on my user application, but I’d like to trigger the creation of a User object in my local database once a user has signed up.

The way I wanted to accomplish this was when the user becomes authenticated, I issue a request to a backend endpoint internally which would use an M2M token to update the User object returned from Auth0 with a new field indicating that a User has been created.

My main issues are:

  • Is using M2M here correct? I notice that there’s a limit of 1000 tokens for a free plan (does this ever refresh, or is this a lifetime quota?)
  • Would using Lock or Rules be preferred? For example, with Rules it looked to me from the documentation that Rules only execute when the user authenticates, and what I’m trying to achieve would require data later than the authentication step before I update the user object stored in Auth0.

Thank you very much for the help!

Hi @j.gong16

I don’t think M2M is appropriate here. You can get an access token for the Management API (…/v2/api) with silent auth; this access token will only have access to the user info of the user logged in. You can then modify that user.
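
The flow described in the reply above, sketched as an added example that is not part of the original thread or Auth0's own code. The tenant domain, the `local_user_created` key, and the injected `getToken` (a promise wrapper around the SDK's silent-auth call, such as auth0.js `checkSession`) and `fetchImpl` are assumptions.

```javascript
// Added example. DOMAIN and the metadata key are constructed placeholders.
const DOMAIN = "example-tenant.auth0.com";

// Scopes that limit the Management API token to the logged-in user's own record.
const CURRENT_USER_SCOPES = "read:current_user update:current_user_metadata";

// Options for the silent-auth request: Management API audience, user-only scopes.
function managementTokenRequest(domain) {
  return { audience: `https://${domain}/api/v2/`, scope: CURRENT_USER_SCOPES };
}

// Build the PATCH that writes a flag into the caller's own user_metadata.
function buildMetadataPatch(domain, userId, accessToken, metadata) {
  if (!userId || !accessToken) {
    throw new Error("userId and accessToken are required");
  }
  return {
    // IDs such as "auth0|abc123" contain "|", so they must be URL-encoded.
    url: `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`,
    init: {
      method: "PATCH",
      headers: {
        Authorization: `Bearer ${accessToken}`,
        "Content-Type": "application/json",
      },
      body: JSON.stringify({ user_metadata: metadata }),
    },
  };
}

// getToken and fetchImpl are injected (hypothetical wrappers), so the flow can
// be exercised without a network. Note: user_metadata is writable by the user
// holding this token, so the backend should check its own database rather than
// trust this flag for authorization decisions.
async function markLocalUserCreated({ domain, userId, getToken, fetchImpl }) {
  const accessToken = await getToken(managementTokenRequest(domain));
  const { url, init } = buildMetadataPatch(domain, userId, accessToken, {
    local_user_created: true, // hypothetical field name
  });
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`Management API returned HTTP ${res.status}`);
  return res.json();
}
```
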