I’ve digged more into the question.
What I’ve found is this https://community.auth0.com/t/get-details-of-authentication-calls/38981/2.
Basically M2M calls that are accounted in the quota should be those marked in the logs as seccft events (Client credentials exchange).
It seems also that M2M token quota is impacted only by Client Credentials exchanges that are not related to the user (access tokens related to social logins, standard logins should be excluded).
From the logs I see in my dashboard, after a successful login on my NextJs website and the retrieval of an access token using getAccessToken, the following events appear in the log:
- event of type “s”: Successful login
- event of “type”: “seacft” → “description”: “Authorization Code for Access Token”
My understanding thus is that getAccessToken for the logged user does not count for the M2M Quota.
Anyhow, I would like a confirmation about this from the Auth0 Team.
Have a nice day