Hi @nmatatall
Thank you for reaching out to us!
Looking at the details provided, my opinion is that the large number of success_exchange_client_credentials_grant events could indicate that these likely are generated by a backend process or a worker and are not attributed to usual traffic.
The success_api_operation ( sapi ) events refer to the Successful management API write event and they are logged in the context of a write operation. If there is a large number of token exchanges, but much fewer write events, this can indicate that your application is initializing a new Auth0::Client instance for every single request or operation, rather than reusing a cached token.
The Ruby SDK could be exchanging client_id/client_secret pairs each time for a new token, basically completing a full Client Credentials Exchange every time, instead of re-using the token, which by default is valid for 24 hours.
I would recommend implementing token caching to store them for your application to reuse. Allow me to share some useful documentation that could further help:
- Feedback on Caching JWKS for JWT Verification in Ruby;
- Caching Access Tokens and Renewing Upon Expiration.
Hope this helped!
Gerald
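
The caching recommended in the reply above, sketched as an added example (not code from the original post or from the Auth0 Ruby SDK). `CachedM2MToken`, its `exchange` block and the token values are hypothetical; in a real application the block would perform the client credentials exchange and the cached token would be handed to each client instead of a fresh exchange.

```ruby
# Hypothetical helper: keeps one client-credentials access token in memory
# and re-exchanges only when it is missing or about to expire.
class CachedM2MToken
  attr_reader :exchanges # number of real token exchanges performed

  # leeway: seconds before expiry at which the token is renewed early.
  # clock:  injectable time source so expiry can be exercised in tests.
  def initialize(leeway: 60, clock: -> { Time.now.to_f }, &exchange)
    raise ArgumentError, "exchange block required" unless exchange
    @exchange = exchange
    @leeway = leeway
    @clock = clock
    @lock = Mutex.new # workers and threads share a single token
    @token = nil
    @expires_at = 0.0
    @exchanges = 0
  end

  def token
    @lock.synchronize do
      refresh! if @token.nil? || @clock.call >= @expires_at - @leeway
      @token
    end
  end

  private

  def refresh!
    grant = @exchange.call # expected keys: "access_token", "expires_in"
    @exchanges += 1
    @token = grant.fetch("access_token")
    @expires_at = @clock.call + Integer(grant.fetch("expires_in"))
  end
end

# Constructed demo: 1000 requests inside one 24 hour token lifetime cause
# one exchange; a request inside the leeway window causes a second one.
def demo_exchange_counts
  now = 0.0
  issued = 0
  cache = CachedM2MToken.new(clock: -> { now }) do
    issued += 1
    { "access_token" => "constructed-token-#{issued}", "expires_in" => 86_400 }
  end
  first = Array.new(1000) { cache.token }.uniq
  now += 86_400 - 30 # 30 s before expiry, inside the 60 s leeway
  { exchanges: cache.exchanges + 0, first: first, second: cache.token, total: cache.exchanges }
end
```

With this in place the count of success_exchange_client_credentials_grant events should track token lifetimes rather than request volume, which also makes an unexpected spike in exchanges easier to spot in the tenant logs.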