I have multiple AWS Lambda that need secure access to my backend API protected by Auth0
From what I understand, I need to create a M2M Application for them in Auth0, and use the M2M grand client flow from OAuth to get an access token so that I can securely consume my backend API from AWS Lambda
Is it a bad idea to get a new access token for every invocation of a given lambda?
Or do I need to setup a more complex architecture when I store the access token and refresh the token in a database, and refresh the token when needed?
M2M tokens destined for a custom API are subject to the M2M token quota (this excludes Auth0 Management API tokens, for example). You can see quotas in the dashboard or on our pricing page.
As a result, you will want to make efficient use of the Access Tokens in your serverless functions and generally do not want to request a new token if not necessary.