go-auth0

Add Support for Limiting M2M Usage via `Tenant-Wide` Defaults and `Client/Organization` Overrides

Open developerkunal opened this issue 9 months ago • 1 comments

🔧 Changes

This PR introduces support for configuring token quotas for M2M (client credentials) flows at the tenant, client, and organization levels.

Key Changes:

  • Introduced a unified TokenQuota struct used across tenant, client, and organization resources
  • TenantDefaultTokenQuota now allows configuring default quotas for both clients and organizations
  • Clients and organizations can override the tenant-wide quota by setting their own token_quota field
  • Introduced TokenQuotaClientCredentials, which supports:
    • enforce: whether the quota is strictly enforced or just logged
    • per_day and per_hour limits for issued tokens

Unsetting Quotas

To remove a previously set quota, send a PATCH request with a null value:

```
# Unset tenant-wide quotas
PATCH /api/v2/tenants/settings
{
  "default_token_quota": null
}

# Unset client-specific quota
PATCH /api/v2/clients/{id}
{
  "token_quota": null
}

# Unset organization-specific quota
PATCH /api/v2/organizations/{id}
{
  "token_quota": null
}
```

For implementation examples, refer to the Go SDK usage guide:
🔗 https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct


Example


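```go
package main

import (
	"context"
	"log"
	"os"

	"github.com/auth0/go-auth0/management"
)

func main() {
	ctx := context.Background()

	// Management API client; domain and credentials are read from the environment.
	auth0API, err := management.New(
		os.Getenv("AUTH0_DOMAIN"),
		management.WithClientCredentials(ctx, os.Getenv("AUTH0_CLIENT_ID"), os.Getenv("AUTH0_CLIENT_SECRET")),
	)
	if err != nil {
		log.Fatalf("Failed to create management client: %v", err)
	}

	// Define a custom struct for Tenant with nullable fields.
	// The tag has no omitempty, so a nil pointer is sent as an explicit null.
	type CustomTenantSettings struct {
		DefaultTokenQuota *management.TokenQuota `json:"default_token_quota"`
	}

	// Example: Unset tenant-wide quotas
	unsetTenantSettings := &CustomTenantSettings{
		DefaultTokenQuota: nil, // Unsetting the token quota
	}

	err = auth0API.Request(ctx, "PATCH", auth0API.URI("tenants", "settings"), unsetTenantSettings)
	if err != nil {
		log.Fatalf("Failed to unset tenant-wide quotas: %v", err)
	}
	log.Println("Successfully unset tenant-wide quotas.")
}
```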

📚 References


🔬 Testing

  • Unit tests cover all new structs and unmarshal/marshal behaviour
  • Manual tests verified PATCH operations unset values correctly
  • Validated behavior with realistic tenant, client, and org payloads

📝 Checklist

  • [x] All new/changed/fixed functionality is covered by tests (or N/A)
  • [x] I have added documentation for all new/changed functionality (or N/A)

developerkunal avatar Apr 04 '25 09:04 developerkunal
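Because an explicit `null` removes a quota, the difference between "field omitted" and "field null" in a PATCH body decides whether an M2M limit stays in place. The following is an added example, not code from the PR or the SDK: it builds the three possible client `token_quota` bodies (leave, set, unset) from a tri-state value. The names `QuotaPatch` and `PatchBody`, the local struct types, and the `client_credentials` nesting key are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Local mirror of the quota fields named in the PR (assumed JSON shape, not SDK types).
type ClientCredentialsQuota struct {
	Enforce *bool `json:"enforce,omitempty"`
	PerDay  *int  `json:"per_day,omitempty"`
	PerHour *int  `json:"per_hour,omitempty"`
}

type Quota struct {
	ClientCredentials *ClientCredentialsQuota `json:"client_credentials,omitempty"`
}

// QuotaPatch is tri-state: zero value = leave as is, Value = set, Unset = send null.
type QuotaPatch struct {
	Unset bool
	Value *Quota
}

// PatchBody builds a client PATCH body that touches token_quota only when asked,
// so an unrelated update can never silently drop the limit.
func PatchBody(p QuotaPatch) (string, error) {
	body := map[string]interface{}{}
	switch {
	case p.Unset && p.Value != nil:
		return "", errors.New("token_quota: set and unset requested together")
	case p.Unset:
		body["token_quota"] = nil // marshals as an explicit null
	case p.Value != nil:
		body["token_quota"] = p.Value
	}
	b, err := json.Marshal(body)
	return string(b), err
}

func main() {
	enforce, perHour := true, 100 // constructed sample values
	set := QuotaPatch{Value: &Quota{ClientCredentials: &ClientCredentialsQuota{Enforce: &enforce, PerHour: &perHour}}}
	for _, p := range []QuotaPatch{{}, set, {Unset: true}} {
		body, err := PatchBody(p)
		fmt.Println(body, err)
	}
}
```

A struct field tagged without `omitempty` behaves like the `Unset` case on every request, so such a struct should be reserved for requests whose purpose is to remove the quota.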

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.89%. Comparing base (e4779d8) to head (4ab6e6e).

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #537      +/-   ##
==========================================
+ Coverage   95.88%   95.89%   +0.01%     
==========================================
  Files          60       60              
  Lines       11801    11852      +51     
==========================================
+ Hits        11315    11366      +51     
  Misses        366      366              
  Partials      120      120              


codecov-commenter avatar Apr 04 '25 09:04 codecov-commenter