Enforce limits of M2M tokens on applications

Hi there, one of our customers just used up around 70% of our M2M tokens within one hour (they had a script that looped and requested tokens endlessly). How can we restrict this to not happen again in the future (so as not to affect our other customers or force us to upgrade to higher limit just because of one customer’s mistake)?

I saw this post talking about shipping such a feature but I could not find anything

Hi @timonbimon,

Welcome to the Auth0 Community!

You can use an M2M Action to enforce your own internal limits for M2M token authentication.

Additionally, you can cache the Management API tokens in the Action since these tokens do not expire immediately. This will help avoid going over the quota for your M2M token authentication.

For more details, see this post on caching Management API access tokens in a login action.

Thanks,
Rueben

Hi Rueben,

It seems like I’d need to connect to some kind of external database (to keep track of how many M2M tokens have been used per customer) to enforce the internal limits within an action (sounds rather complicated :grimacing:).

Would the same be true for caching or is there some in-built cache I could use to cache the token within the Action? (edit: just saw you linked a post about the caching let me read that first :see_no_evil:)

Thanks for your help!

OK answering my own question: seems like the caching is in-built => yay! Could you outline in a little more detail how I could use this cache feature to avoid that a call to the OAuth endpoint (the one below in our case) counts against our M2M token limit (by returning a cached token through an Action??).

curl --request POST \
  --url https://auth.luminovo.com/oauth/token  \
  --header 'content-type: application/json' \
  --data '{"client_id":"some_client_id", "client_secret":"some_client_secret","audience":"https://luminovo.ai/api","grant_type":"client_credentials"}'
1 Like

Hi @timonbimon,

You can use this cache feature in a Post Login action script.

Have you had a chance to review the knowledge solution below?

Let me know what steps in the knowledge solution you are having issues with.

Thanks,
Rueben

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.