we are a company which need to reach our api from a rule to be able to populate tokens with our own data, so the global subject is about how you authenticate from a rule to reach your internal api.
We found an answer here in this post How do I call my API from a rule? , it’s what we did previously during the time we moved our internal user authentication into Auth0 and fortunately this script did not last for too long because it was costing us a fair amount of money.
At this time, we tried what was described here https://auth0.com/docs/rules/cache-resources , to mitigate the authentication cost and store in the global cache, the token we issued, but after some testing it appeared this cache is really short. It is described in the doc that it can goes away at any time, but it’s really too quick to solve the token cost mentioned earlier.
It seems obvious to use an Auth0 app to secure your own api calls from a rule but the token generation cost could go quickly high and I see no real storage possibility in rules.
Considering all of this what should we do to have a secured connection between Auth0 and our app without spending money just for a synchronization call ?