M2M Management API Token Storage

In a Next.js app, should you store an M2M Management API token? And if so, where is best to store this, and how would you refresh it when it expires?

Currently I have been fetching a new M2M token each time an authorised user needs to update user account information in the user management section of the app. However, this seems like overkill as the token is valid for 24 hours, and as the fetching happens on the server side of the Next app I don't think it would be necessary to generate a new one for each user that has access to user management.

Is there a way to generate one token for the app, store it, and then re-use it multiple times instead of having to do it on each request?

Hi @eoin,

Welcome to the Auth0 Community and sorry for the late reply.

Even though requesting a new Management API Access Token is still an option, you are correct with this:

Best practice in this scenario would be using in-memory/non-persistent cache storage for keeping the M2M Management API token, which limits the potential attack surface.

This would prevent you from going over quota with Machine-to-Machine Authentication since, as you have mentioned above, it is valid for 24 hours.

You can refer to our Get Management API Access Tokens for Production.

Hope this helps your case, but others as well.
Thanks,
Remus
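
The in-memory caching approach recommended above, as an added example that is not part of the original thread or Auth0's own code: one token is kept in server-side module scope, reused until shortly before it expires, and concurrent requests share a single refresh. The function names, the 60-second refresh margin and the environment variable names are assumptions.

```javascript
// Added example: in-memory (non-persistent) cache for a Management API M2M token.
// Keep this in server-only code; the token must never reach the browser.
function createTokenCache({ fetchToken, now = () => Date.now(), skewSeconds = 60 }) {
  let cached = null;   // { token, expiresAt }, held in process memory only
  let inFlight = null; // shared promise so concurrent callers trigger one fetch

  return function getToken() {
    if (cached && now() < cached.expiresAt - skewSeconds * 1000) {
      return Promise.resolve(cached.token);
    }
    if (!inFlight) {
      inFlight = Promise.resolve()
        .then(fetchToken)
        .then(({ access_token, expires_in }) => {
          if (!access_token || !Number.isFinite(expires_in)) {
            throw new Error("token response missing access_token or expires_in");
          }
          cached = { token: access_token, expiresAt: now() + expires_in * 1000 };
          return access_token;
        })
        .finally(() => { inFlight = null; }); // a failed fetch is retried by the next caller
    }
    return inFlight;
  };
}

// Client-credentials request to the tenant's /oauth/token endpoint.
// The environment variable names are assumptions for this example.
async function fetchManagementToken() {
  const domain = process.env.AUTH0_DOMAIN;
  const res = await fetch(`https://${domain}/oauth/token`, {
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify({
      grant_type: "client_credentials",
      client_id: process.env.AUTH0_M2M_CLIENT_ID,
      client_secret: process.env.AUTH0_M2M_CLIENT_SECRET,
      audience: `https://${domain}/api/v2/`,
    }),
  });
  if (!res.ok) throw new Error(`token request failed: ${res.status}`);
  return res.json();
}

// One cache per server process; route handlers call getManagementToken().
const getManagementToken = createTokenCache({ fetchToken: fetchManagementToken });
```

Because the cache lives in process memory, each server instance or serverless cold start fetches its own token, so the number of token requests scales with instances rather than with user requests.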