When I use the node-auth0 library, I see we have 2 ways to create an instance in Node.js.
Option 1: Initialize your client class with a client ID, client secret and a domain.
Option 2: Initialize your client class with an API v2 token and a domain.
When I use option 1, I have a question about how it gets the M2M token when it accesses Auth0 to query data. Because I think if I want to access Auth0, I need a token (M2M token).
Can you explain it to me?
And I see that the M2M token will charge some fee, right? If it uses an M2M token, can you help me cache this to save money?
Hi @yutanguyen, you are right that the node-auth0 SDK needs an Access Token to call the Management API. When you provide it with the domain, client ID and secret, the SDK will do a client credentials request on its own and obtain an Access Token from Auth0. This assumes that the application that the client ID belongs to has the permissions to generate Management API tokens.
M2M tokens are charged, but tokens generated for Management API are free. Only M2M tokens that you generate for custom APIs via client credentials are used in the quota. So you do not need to worry about caching when you are dealing with the node-auth0 SDK and calling Management API.
I have a question:
So each time we call the Management API to request a resource by using node-auth0, do we create a new M2M token or not?
Can you explain more about the flow for me? When I access an Auth0 resource through the Management API, I need to request a new M2M token, and then access and retrieve, right?
You can get an Access Token once and use it in all subsequent requests. Access Tokens expire after some time, and they need to be renewed only then. If you are using an Auth0 SDK this is managed for you automatically, so you don’t need to worry about tokens at all.
The flow is:
1. Request an Access Token for the Management API.
2. Make API calls with that token in the Authorization header. This step can be repeated until the token expires.
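
The two-step flow from the answer above, as an added example that is not part of the original posts and is not node-auth0's own code: one client credentials request, then the same token reused in the Authorization header until shortly before it expires. The class name `ManagementTokenCache` and the `requestToken`, `now` and `skewSeconds` parameters are assumptions made for illustration.

```javascript
// Added example: cache a client-credentials Access Token until shortly before expiry.
// `requestToken` and `now` are injectable (hypothetical parameters) so the cache runs offline.
class ManagementTokenCache {
  constructor({ domain, clientId, clientSecret, requestToken, now = Date.now, skewSeconds = 60 }) {
    this.domain = domain;
    this.clientId = clientId;
    this.clientSecret = clientSecret;
    this.requestToken = requestToken || ((body) => this.postToken(body));
    this.now = now;
    this.skewMs = skewSeconds * 1000;
    this.token = null;    // cached access_token (never log this value)
    this.expiresAt = 0;   // epoch ms at which the cached token is treated as expired
    this.inFlight = null; // shared promise so concurrent callers trigger one request
  }

  // Step 1: client credentials grant against the tenant's /oauth/token endpoint.
  async postToken(body) {
    const res = await fetch(`https://${this.domain}/oauth/token`, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify(body),
    });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    return res.json();
  }

  async getToken() {
    if (this.token && this.now() < this.expiresAt) return this.token;
    if (!this.inFlight) {
      this.inFlight = this.requestToken({
        grant_type: 'client_credentials',
        client_id: this.clientId,
        client_secret: this.clientSecret,
        audience: `https://${this.domain}/api/v2/`,
      }).then((r) => {
        this.token = r.access_token;
        // Refresh a little early so a token never expires mid-request.
        this.expiresAt = this.now() + r.expires_in * 1000 - this.skewMs;
        return this.token;
      }).finally(() => { this.inFlight = null; });
    }
    return this.inFlight;
  }

  // Step 2: header for each Management API call, repeated until the token expires.
  async authHeader() {
    return { Authorization: `Bearer ${await this.getToken()}` };
  }
}
```

Against a real tenant, leave out `requestToken` so the built-in `fetch` (Node.js 18 or later) is used, and pass the client secret in from the environment or a secret store.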