Fetching IdP tokens rate limited?

nrmitchi · November 24, 2020, 5:43am

I have a Github (currently, will expand) application which is a combination of a React SPA and a backend system.

I’m trying to find the best way to get the github IdP token (or other Github information), and based on this article (https://auth0.com/docs/connections/calling-an-external-idp-api) is sounds like the right (only) way is to call the Management API from the backend system. Unfortunately this seems to be limited to only 1000 requests per month unless you are on at least the “Developer Pro” plan.

Does this mean there is no way to make authenticated API requests to the underlying Identity Provider if you are not on those plans?

john.gateley · November 24, 2020, 4:25pm

If your M2M tokens have an expiration of 1 day and you cache them, you only need 30 per month.

John

nrmitchi · November 24, 2020, 8:03pm

Okay, so a token can be used for an unlimited number of calls for a day, and the non-Developer-Pro plans are limited to only 1000 tokens per month? The notice in the Auth0 Application states “your current plan up to 1,000 calls per month”, which implies that you can only make 1000 requests to the management api (ie, fetch data for 1000 users) per month.

john.gateley · November 25, 2020, 3:10pm

@nrmitchi

I am not sure where you are reading that, it is probable that the “calls per month” refers to a call to the API to get a M2M token.

Using a M2M token involves NO API calls to Auth0 - there is no “phoning home” (except for the very first time to get the signature verification key).

John