Can Auth0 cache requests for access tokens?

Our account has a limit of 5k tokens available for M2M. Our tokens are currently set to expire in 1-day. While clients should cache the tokens and re-use them, it is possible that a bad actor reaches out for a token before each request. There is also the case of testing, in which automated tests might repeatedly ask for tokens.

Q: Is there a way on the Auth0 side such that multiple requests for a token from a single user is responded with the same token (within the expiration date), or at least doesn’t take from our token quota?

3 Likes

+1 for this question / feature request.

As far as I know, there is no caching ability on the Auth0 side that would do this automatically. Your best solution would be to have the clients/applications proxy a call to some middleware application you’ve created that would handle the token requests + 24 hr caching. This way you have control over how many M2M Access Tokens are generated in your tenant yourself without going over the 5k limit.

1 Like

Thanks for sharing @gparascandolo!

Welcome to the community @washad and @yuval.ron.ext !

I definitely recommend chiming in on the following feedback request - This is a common ask and our product team monitors these requests closely :crossed_fingers:

https://community.auth0.com/t/add-rate-limiting-and-cache-for-m2m-token-authentication-endpoints/75367/11

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.