Our account has a limit of 5k tokens available for M2M. Our tokens are currently set to expire in 1 day. While clients should cache the tokens and re-use them, it is possible that a bad actor reaches out for a token before each request. There is also the case of testing, in which automated tests might repeatedly ask for tokens.
Q: Is there a way on the Auth0 side such that multiple requests for a token from a single user are responded to with the same token (within the expiration date), or at least don’t take from our token quota?
As far as I know, there is no caching ability on the Auth0 side that would do this automatically. Your best solution would be to have the clients/applications proxy a call to some middleware application you’ve created that would handle the token requests + 24 hr caching. This way you have control over how many M2M Access Tokens are generated in your tenant yourself without going over the 5k limit.
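The caching middleware suggested in the answer above, shown as an added example (not part of the original thread and not Auth0 code): a per-client token cache that mints a new token only when the cached one is near expiry, and serializes concurrent misses so a burst of requests costs one token. The `fetch` callable, the client IDs and the audience URL are assumptions; in a real proxy `fetch` would perform the client-credentials request to the tenant, and callers are assumed to be authenticated before `get` is reached.

```python
import threading
import time
from typing import Callable, Dict, Tuple

# Hypothetical fetcher: (client_id, audience) -> (access_token, expires_in_seconds).
# In production it would perform the client-credentials request against the tenant.
Fetcher = Callable[[str, str], Tuple[str, int]]

class M2MTokenCache:
    """Caches one access token per (client_id, audience) until shortly before expiry."""

    def __init__(self, fetch: Fetcher, skew: int = 60, clock: Callable[[], float] = time.time):
        self._fetch = fetch
        self._skew = skew      # refresh this many seconds before the token expires
        self._clock = clock
        self._tokens: Dict[Tuple[str, str], Tuple[str, float]] = {}
        self._locks: Dict[Tuple[str, str], threading.Lock] = {}
        self._guard = threading.Lock()
        self.minted = 0        # tokens actually requested from the tenant (quota spent)

    def _lock_for(self, key: Tuple[str, str]) -> threading.Lock:
        with self._guard:
            return self._locks.setdefault(key, threading.Lock())

    def get(self, client_id: str, audience: str) -> str:
        # Keyed by client and audience so one client never receives another's token.
        key = (client_id, audience)
        # Per-key lock: concurrent misses for the same client mint one token, not N.
        with self._lock_for(key):
            cached = self._tokens.get(key)
            if cached and cached[1] - self._skew > self._clock():
                return cached[0]
            token, expires_in = self._fetch(client_id, audience)
            self.minted += 1
            self._tokens[key] = (token, self._clock() + expires_in)
            return token

def demo() -> Tuple[int, int]:
    """Constructed scenario: 200 requests from one client, then one after expiry."""
    now = [0.0]
    # Stand-in for the real token request; 1-day lifetime as in the question.
    fake_fetch = lambda cid, aud: (f"token-{cid}-{now[0]}", 86400)
    cache = M2MTokenCache(fake_fetch, clock=lambda: now[0])
    for _ in range(200):
        cache.get("svc-a", "https://api.example.test")
    before = cache.minted          # quota spent while the token was still valid
    now[0] = 86400.0               # advance the injected clock past expiry
    cache.get("svc-a", "https://api.example.test")
    return before, cache.minted
```

The `minted` counter is the number to alert on: if it approaches the tenant quota, some client is forcing refreshes or the key space is growing unexpectedly.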