Hi @dan.woda
thank you for your reply.
Regarding your first point , we only have idToken from google (we currently don’t use Auth0 for authentication , only for authorization)
So I need to use ListUsersByEmail as I don’t have the id of the user.
Regarding the second point, I understood from the documentation that each rule request is also part of the API rate limit, so is changing that to a rule will actually help?
For now We managed to reduce a certain amount of requests by using DropWizard caching authenticator.
We also thought about using redis / custom DB for keeping the users and roles , but I think this is kinda countering Auth0 purpose, we wanted to use Auth0 as it looked easy to implement and integrate for our scenario of handling users and roles.
It seems weird for me that when using oAuth2 authentication which in every request you need to authenticate , there are rate limitations for the Auth0 management API.
Again , thank you very much for your assistance