Skip to content

feat: support limit M2M usage - EA #1093

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 12 commits into from
Jun 4, 2025
Merged

feat: support limit M2M usage - EA #1093

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
f1501cc
feat: add token quota schema for client credentials in clients and or…
kushalshit27 May 2, 2025
b125b81
feat: add token quota configuration schema for clients and organizations
kushalshit27 May 2, 2025
1afb0b3
feat: allow token quota to be null in clients and organizations schemas
kushalshit27 May 5, 2025
96cc09f
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 May 12, 2025
f4d0df3
test: add token_quota property validation for clients, organizations,…
kushalshit27 May 13, 2025
1002138
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 May 27, 2025
38f7d10
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 May 27, 2025
8a19422
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 May 30, 2025
9ae4376
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 May 30, 2025
03ee40a
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 May 30, 2025
aa588d9
Merge branch 'master' into DXCDT-953-limit-m2m-usage-support
kushalshit27 Jun 2, 2025
fc49e71
chore: update dependencies to latest versions
kushalshit27 Jun 3, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions src/tools/auth0/handlers/clients.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -82,6 +82,31 @@ export const schema = {
policies: multiResourceRefreshTokenPolicies,
},
},
token_quota: {
type: ['object', 'null'],
properties: {
client_credentials: {
type: 'object',
properties: {
enforce: {
type: 'boolean',
default: true,
},
per_day: {
type: 'integer',
minimum: 1,
},
per_hour: {
type: 'integer',
minimum: 1,
},
},
additionalProperties: false,
minProperties: 1,
},
},
required: ['client_credentials'],
},
},
required: ['name'],
},
Expand Down
25 changes: 25 additions & 0 deletions src/tools/auth0/handlers/organizations.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,31 @@ export const schema = {
},
default: [],
},
token_quota: {
type: ['object', 'null'],
properties: {
client_credentials: {
type: 'object',
properties: {
enforce: {
type: 'boolean',
default: true,
},
per_day: {
type: 'integer',
minimum: 1,
},
per_hour: {
type: 'integer',
minimum: 1,
},
},
additionalProperties: false,
minProperties: 1,
},
},
required: ['client_credentials'],
},
},
required: ['name'],
},
Expand Down
37 changes: 37 additions & 0 deletions src/tools/auth0/handlers/tenant.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,45 @@ import { convertJsonToString } from '../../utils';
import { Asset, Assets } from '../../../types';
import log from '../../../logger';

const tokenQuotaConfigurationSchema = {
type: 'object',
properties: {
client_credentials: {
type: 'object',
properties: {
enforce: {
type: 'boolean',
default: true,
},
per_day: {
type: 'integer',
minimum: 1,
},
per_hour: {
type: 'integer',
minimum: 1,
},
},
additionalProperties: false,
minProperties: 1,
},
},
required: ['client_credentials'],
};

export const schema = {
type: 'object',
properties: {
default_token_quota: {
type: 'object',
properties: {
clients: tokenQuotaConfigurationSchema,
organizations: tokenQuotaConfigurationSchema,
},
additionalProperties: false,
minProperties: 1,
},
},
};

export type Tenant = TenantSettings;
Expand Down
40 changes: 40 additions & 0 deletions test/tools/auth0/handlers/clients.tests.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -184,6 +184,46 @@ describe('#clients handler', () => {
await stageFn.apply(handler, [{ clients: [clientWithRefreshTokenPolicies] }]);
});

it('should allow valid token_quota property in client', async () => {
const clientWithTokenQuota = {
name: 'clientWithTokenQuota',
token_quota: {
client_credentials: {
enforce: true,
per_day: 1000,
per_hour: 100,
},
},
};
let wasCreateCalled = false;
const auth0 = {
clients: {
create: function (data) {
wasCreateCalled = true;
expect(data).to.be.an('object');
expect(data.name).to.equal('clientWithTokenQuota');
expect(data.token_quota).to.deep.equal({
client_credentials: {
enforce: true,
per_day: 1000,
per_hour: 100,
},
});
return Promise.resolve({ data });
},
update: () => Promise.resolve({ data: [] }),
delete: () => Promise.resolve({ data: [] }),
getAll: (params) => mockPagedData(params, 'clients', []),
},
pool,
};
const handler = new clients.default({ client: pageClient(auth0), config });
const stageFn = Object.getPrototypeOf(handler).processChanges;
await stageFn.apply(handler, [{ clients: [clientWithTokenQuota] }]);
// eslint-disable-next-line no-unused-expressions
expect(wasCreateCalled).to.be.true;
});

it('should get clients', async () => {
const auth0 = {
clients: {
Expand Down
52 changes: 52 additions & 0 deletions test/tools/auth0/handlers/organizations.tests.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,6 +218,58 @@ describe('#organizations handler', () => {
]);
});

it('should allow valid token_quota property in organization', async () => {
const orgWithTokenQuota = {
name: 'orgWithTokenQuota',
token_quota: {
client_credentials: {
enforce: false,
per_day: 500,
per_hour: 50,
},
},
};
let wasCreateCalled = false;
const auth0 = {
organizations: {
create: function (data) {
wasCreateCalled = true;
expect(data).to.be.an('object');
expect(data.name).to.equal('orgWithTokenQuota');
expect(data.token_quota).to.deep.equal({
client_credentials: {
enforce: false,
per_day: 500,
per_hour: 50,
},
});
data.id = 'fake';
return Promise.resolve({ data });
},
update: () => Promise.resolve({ data: [] }),
delete: () => Promise.resolve({ data: [] }),
getAll: (params) => Promise.resolve(mockPagedData(params, 'organizations', [sampleOrg])),
getEnabledConnections: () => Promise.resolve({ data: [] }),
getOrganizationClientGrants: () => ({ data: [] }),
},
connections: {
getAll: (params) => mockPagedData(params, 'connections', []),
},
clients: {
getAll: (params) => mockPagedData(params, 'clients', sampleClients),
},
clientGrants: {
getAll: (params) => mockPagedData(params, 'client_grants', [sampleClientGrant]),
},
pool,
};
const handler = new organizations.default({ client: pageClient(auth0), config });
const stageFn = Object.getPrototypeOf(handler).processChanges;
await stageFn.apply(handler, [{ organizations: [orgWithTokenQuota] }]);
// eslint-disable-next-line no-unused-expressions
expect(wasCreateCalled).to.be.true;
});

it('should get organizations', async () => {
const auth0 = {
organizations: {
Expand Down
54 changes: 54 additions & 0 deletions test/tools/auth0/handlers/tenant.tests.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -83,6 +83,60 @@ describe('#tenant handler', () => {
await stageFn.apply(handler, [{ tenant: { sandbox_version: '4' } }]);
});

it('should allow valid default_token_quota property in tenant', async () => {
const tenantWithDefaultTokenQuota = {
default_token_quota: {
clients: {
client_credentials: {
enforce: true,
per_day: 2000,
per_hour: 200,
},
},
organizations: {
client_credentials: {
enforce: false,
per_day: 1000,
per_hour: 100,
},
},
},
};
let wasUpdateCalled = false;
const auth0 = {
tenants: {
getSettings: () => ({ data: {} }),
updateSettings: function (data) {
wasUpdateCalled = true;
expect(data).to.be.an('object');
expect(data.default_token_quota).to.deep.equal({
clients: {
client_credentials: {
enforce: true,
per_day: 2000,
per_hour: 200,
},
},
organizations: {
client_credentials: {
enforce: false,
per_day: 1000,
per_hour: 100,
},
},
});
return Promise.resolve(data);
},
},
};
// @ts-ignore
const handler = new tenantHandler({ client: auth0 });
const stageFn = Object.getPrototypeOf(handler).processChanges;
await stageFn.apply(handler, [{ tenant: tenantWithDefaultTokenQuota }]);
// eslint-disable-next-line no-unused-expressions
expect(wasUpdateCalled).to.be.true;
});

describe('filtering-out unallowed tenant flags', async () => {
it('should filter-out unallowed tenant flags', async () => {
const proposedFlags = {
Expand Down