Caching API Access Tokens in Login Action

Hi there -
We’re trying to enrich our access tokens with some information we store. To do so, we leverage actions where, on login, we call our own API and get details about the user/etc to embed in the token.

In order to protect the API itself, we used an M2M token and cached it as detailed in several FAQs:

However, this doesn’t seem to work in terms of quotas - where M2M are 1000 tokens. If caching only holds for 15 minutes and our users are quite active, then that’s nearly 95 tokens a day, which quickly fills up the quota.

It also seems that we’re not quite caching successfully (perhaps the size of the token?) so we may get fewer cache hits than we’d like, and again, that only goes against our quotas.

Is there any way to cache the token in a place that is secure (i.e. Auth0 – we don’t really want to launch our own caching solution outside as it kind of defeats the purpose, right?) so that we’re not re-requesting over and over again and going against quotas?

Many thanks,
-Fernando

Hi @saintf,

Welcome to the Auth0 Community!

The caching mechanism you reference in Actions is the existing solution for caching resources. Feel free to create a #feedback request!

It may be helpful to store some of that user data in app_metadata or user_metadata, such that every transaction doesn’t result in an M2M call (this will also ensure your auth round trip is as fast as possible). Otherwise, you may run up the M2M token quota like you’ve stated.

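An added example, not part of the original thread and not Auth0's own code: a token helper that counts cache hits and misses and records rejected cache writes, so that a silently failing cache (the suspicion raised in the question) becomes visible. `makeStubCache` is a constructed stand-in shaped like the Actions `api.cache.get`/`api.cache.set` interface; its size limit and error code are illustrative, and `fetchToken` and `stats` are hypothetical names.

```javascript
// Constructed stand-in for the Actions cache so the example runs offline.
// maxValueBytes and the 'value_too_large' code are illustrative, not Auth0's real limits.
function makeStubCache(maxValueBytes) {
  const store = new Map();
  return {
    get(key) {
      const rec = store.get(key);
      return rec && rec.expires_at > Date.now() ? rec : undefined;
    },
    set(key, value, opts) {
      if (Buffer.byteLength(value) > maxValueBytes) {
        return { type: 'error', code: 'value_too_large' };
      }
      const record = { value, expires_at: opts.expires_at };
      store.set(key, record);
      return { type: 'success', record };
    },
  };
}

// Return the cached M2M token, or request a new one and try to cache it.
// fetchToken (hypothetical) performs the client-credentials request and
// resolves to { access_token, expires_in } with expires_in in seconds.
async function getM2MToken(api, fetchToken, stats) {
  const hit = api.cache.get('m2m_token');
  if (hit) {
    stats.hits++;
    return hit.value;
  }
  stats.misses++;
  const { access_token, expires_in } = await fetchToken();
  // Expire the entry 60 s early so a token is never used at the edge of its lifetime.
  const expires_at = Date.now() + Math.max(expires_in - 60, 0) * 1000;
  const result = api.cache.set('m2m_token', access_token, { expires_at });
  if (result.type === 'error') {
    // A rejected write means every login mints a new token: record it instead of ignoring it.
    stats.setErrors.push(result.code);
  }
  return access_token;
}
```

Inside a login Action the same function would be called with the real `api` object, and the `stats` values written to the Action logs to compare hits against misses.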