I’m new to Auth0 and wanted to know what the best practices or common patterns are when defining metadata on a client application (M2M) that will be used to authorize what resources that client has access to.
For example, Client1 has read access to datasets 1 and 2. When that client makes a GET request to /datasets, I only want to return datasets 1 and 2.
From what I can gather, you would define a “datasets” attribute under the “Application Metadata” section so it shows up within the “client_metadata” key. However, client_metadata is limited to 10 keys. What would be the approach if I needed more than 10 keys?
Thanks in advance