Deleting clients fails to decrement client-grant quotas?

Get Help
,
1

Howdy Auth0 community/support.

TLDR: Has anyone else encountered Auth0 quotas on client-grants being hit, by clients being deleted but the attached grants not being removed from the quota?

I think whats happening is:

  1. Create a client (via management API)
  2. Create a client grant (via management API)
  3. Delete the client (via management API)
  4. The grant gets deleted automatically by Auth0 (as expected)
  5. BUT: the client-grant quota doesn’t get decremented… leaving the quota to become exceeded.

Some details:

I hit a limit of client grants in a tenant. There’s no dashboard/quota view that shows client grants, and retrieving the list of client grants from the API shows only 2 grants in the tenant.

POST https://{{INTEGRATION_TEST_AUTH0_DOMAIN}}/api/v2/client-grants
{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "You reached the limit of entities of this type for this tenant.",
    "errorCode": "too_many_entities"
}

Of course its logical to then query the client-grants and see how many I have:

https://{{INTEGRATION_TEST_AUTH0_DOMAIN}}/api/v2/client-grants
[
    {
        "id": "cgr_fK2kxaqxyZ972NIg",
        "client_id": "REDACTED1",
        "audience": "https://integration-testing",
        "scope": [],
        "subject_type": "client"
    },
    {
        "id": "cgr_nLW6rlvGCgV9k5jO",
        "client_id": "REDACTED2",
        "audience": "https://REDACTED_AUTH0_DOMAIN.au.auth0.com/api/v2/",
        "scope": [
            ... cut for brevity
        ],
        "subject_type": "client"
    }
]

Hmm. Only two grants. Right!?

Well I got an answer from Auth0 suport about a month ago (case 02813026 if anyone from support is looking). The support agent sent me a summary at the end which is a good outline of what occured over ~2-3 weeks of investigating.

I collaborated with our Engineering team to identify a synchronization bug where deleting parent clients failed to update your entity counters.

I confirmed that we manually reset the client-grant entity counter for your tenant to resolve the “limit reached” error and unblock your testing.

I advocated internally to get a response from the engineering team as soon as possible; however, because this required a manual database correction,

This specific tenant of mine is used for integration testing. I run a series of test cases involving creating clients, testing various grants and then deleting the client. I falsely assume that deleting a client, clearly deletes the grant, should also decrement against the quota.

Assuming my debugging (and support indication) is correct - is anyone else encountering this quota issue? Do you just email support every week or two to ask for a quota reset (lol, of course not).

I’m willing to experiment with “delete grants manually before deleting clients” but it seems somewhat ridiculous to need to do so. I’m also mindful I could pay for more quota - but that just delays the buggy inevitable :man_shrugging: .

3

Hi @gdayitsjack

Welcome to the Auth0 Community!

Thank you for providing the case number related to the issue that you are experiencing!

Unfortunately, it appears that you will need to delete the client grants using the Management API before deleating the parent client to prevent this issue from happening.

Otherwise, as you have mentioned, you would be forced to open a support ticket regarding the matter in order to have them reset manually if this sync error persists in the future.

I am sorry for the discomfort this has caused you, if I can help you out with anything else, let me know!

Kind Regards,
Nik

4

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.