Adds support to update Token Quota at different levels

.github/workflows/snyk.yml

@@ -24,7 +24,7 @@ jobs:
   check:
 
     name: Check for Vulnerabilities
-    runs-on: windows-2022
+    runs-on: ubuntu-latest
 
     steps:
       - if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
@@ -42,17 +42,9 @@ jobs:
       - name: Dotnet Restore
         run: dotnet restore
 
-      # Install Snyk
-      - run: npm install snyk -g
-
-      # Check that project is registered with Snyk when triggered from master branch
-      - if: github.ref == 'refs/heads/master'
-        run: snyk monitor --file=Auth0.Net.sln
-        env:
-          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
-        continue-on-error: true
-
-      # Report vulnerabilities
-      - run: snyk test --file=Auth0.Net.sln
+      - name: Run Snyk to check for vulnerabilities
+        uses: snyk/actions/dotnet@b98d498629f1c368650224d6d212bf7dfa89e4bf # [email protected]
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --file=Auth0.Net.sln --severity-threshold=medium

Examples.md

@@ -175,7 +175,13 @@ await authClient.DeleteMfaAuthenticatorAsync(
 
 # Management API
 
-## 1. Client Initialization
+- [1. Management Client Initialization](#1-management-client-initialization)
+- [2. Update M2M Token Quota at different levels](#2-update-m2m-token-quota-at-different-levels)
+    - [2.1. Update Default Token Quota at Tenant level](#21-update-default-token-quota-at-tenant-level)
+    - [2.2 Update Token Quota at Client level](#22-update-token-quota-at-client-level)
+    - [2.2 Update Token Quota at Organisation level](#23-update-token-quota-at-organisation-level)
+
+## 1. Management Client Initialization
 
 To initialize the Management API client, you also need the Authentication API client to get the access token required by the Management API client constructor.
 
@@ -198,3 +204,87 @@ public async Task Initialize()
 
 ⬆️ [Go to Top](#)
 
+## 2. Update M2M Token Quota at different levels
+
+### 2.1 Update Default Token Quota at Tenant level
+Assuming you have an access token available with the required scopes.
+```csharp
+
+    using var apiClient = new ManagementApiClient(token, GetVariable("AUTH0_MANAGEMENT_API_URL"));
+    var tenantUpdateSettings = new TenantSettingsUpdateRequest()
+    {
+        DefaultTokenQuota = new DefaultTokenQuota()
+        {
+            Clients = new TokenQuota()
+            {
+                ClientCredentials = new Quota()
+                {
+                    Enforce = true,
+                    PerDay = 200,
+                    PerHour = 100
+                }
+            },
+            Organizations = new TokenQuota()
+            {
+                ClientCredentials = new Quota()
+                {
+                    Enforce = true,
+                    PerDay = 200,
+                    PerHour = 100
+                }
+            }
+        }
+    };
+
+    var updatedSettings = await apiClient.TenantSettings.UpdateAsync(tenantUpdateSettings);
+
+```
+⬆️ [Go to Top](#)
+
+### 2.2 Update Token Quota at Client level
+Assuming you have an access token available with the required scopes.
+```csharp
+
+    using var apiClient = new ManagementApiClient(token, GetVariable("AUTH0_MANAGEMENT_API_URL"));
+
+    var clientUpdateRequest = new ClientUpdateRequest()
+    {
+        TokenQuota = new TokenQuota()
+        {
+            ClientCredentials = new Quota()
+            {
+                Enforce = true,
+                PerDay = 200,
+                PerHour = 100
+            }
+        }
+    };
+
+    var clientUpdateResponse = await apiClient.Clients.UpdateAsync("client_id", clientUpdateRequest);
+
+```
+⬆️ [Go to Top](#)
+
+### 2.3 Update Token Quota at Organisation level
+Assuming you have an access token available with the required scopes.
+```csharp
+
+    using var apiClient = new ManagementApiClient(token, GetVariable("AUTH0_MANAGEMENT_API_URL"));
+
+    var orgUpdateRequest = new OrganizationUpdateRequest()
+    {
+        TokenQuota = new TokenQuota()
+        {
+            ClientCredentials = new Quota()
+            {
+                Enforce = true,
+                PerDay = 200,
+                PerHour = 100
+            }
+        }
+    };
+
+    var orgUpdateResponse = await apiClient.Organizations.UpdateAsync("org_id", orgUpdateRequest);
+
+```
+⬆️ [Go to Top](#)

src/Auth0.ManagementApi/Models/Client/ClientBase.cs

@@ -216,6 +216,12 @@
         /// </summary>
         [JsonProperty("require_proof_of_possession")]
         public bool? RequireProofOfPossession { get; set; }
+
+        /// <summary>
+        /// This defines the fields that control the token quota for the client
+        /// </summary>
+        [JsonProperty("token_quota")]
+        public TokenQuota TokenQuota { get; set; }
     }
 }
 

src/Auth0.ManagementApi/Models/Organization/OrganizationBase.cs

@@ -9,20 +9,29 @@
         /// </summary>
         [JsonProperty("name")]
         public string Name { get; set; }
+
         /// <summary>
         /// The display name of the organization
         /// </summary>
         [JsonProperty("display_name")]
         public string DisplayName { get; set; }
+
         /// <summary>
         /// Organization specific branding settings
         /// </summary>
         [JsonProperty("branding")]
         public OrganizationBranding Branding { get; set; }
+
         /// <summary>
         /// Organization specific metadata
         /// </summary>
         [JsonProperty("metadata")]
         public dynamic Metadata { get; set; }
+
+        /// <summary>
+        /// This defines the fields that control the token quota
+        /// </summary>
+        [JsonProperty("token_quota")]
+        public TokenQuota TokenQuota { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Organization/OrganizationUpdateRequest.cs

@@ -13,20 +13,29 @@
         /// </summary>
         [JsonProperty("display_name")]
         public string DisplayName { get; set; }
+
         /// <summary>
         /// The name of this organization
         /// </summary>
         [JsonProperty("name")]
         public string Name { get; set; }
+
         /// <summary>
         /// Organization specific branding settings
         /// </summary>
         [JsonProperty("branding")]
         public OrganizationBranding Branding { get; set; }
+
         /// <summary>
         /// Organization specific metadata
         /// </summary>
         [JsonProperty("metadata")]
         public dynamic Metadata { get; set; }
+
+        /// <summary>
+        /// This defines the fields that control the token quota
+        /// </summary>
+        [JsonProperty("token_quota")]
+        public TokenQuota TokenQuota { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Tenant/DefaultTokenQuota.cs

@@ -0,0 +1,19 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    public class DefaultTokenQuota
+    {
+        /// <summary>
+        /// This defines the fields that control the token quota for Clients
+        /// </summary>
+        [JsonProperty("clients")]
+        public TokenQuota Clients { get; set; }
+
+        /// <summary>
+        /// This defines the fields that control the token quota for Organizations
+        /// </summary>
+        [JsonProperty("organizations")]
+        public TokenQuota Organizations { get; set; }
+    }
+}

src/Auth0.ManagementApi/Models/Tenant/Quota.cs

@@ -0,0 +1,25 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    public class Quota
+    {
+        /// <summary>
+        /// Max number of issued tokens per day.
+        /// </summary>
+        [JsonProperty("per_day")]
+        public int? PerDay { get; set; }
+
+        /// <summary>
+        /// Max number of issued tokens per hour.
+        /// </summary>
+        [JsonProperty("per_hour")]
+        public int? PerHour { get; set; }
+
+        /// <summary>
+        /// Whether to enforce the rate limit, useful for learning modes as well as disabling specific clients.
+        /// </summary>
+        [JsonProperty("enforce")]
+        public bool? Enforce { get; set; }
+    }
+}

src/Auth0.ManagementApi/Models/Tenant/TenantSettingsBase.cs

@@ -148,5 +148,11 @@ public class TenantSettingsBase
         /// </summary>
         [JsonProperty("mtls")]
         public TenantMtls Mtls { get; set; }
+
+        /// <summary>
+        /// This defines the default token quota which will be used when there is no specified token quota.
+        /// </summary>
+        [JsonProperty("default_token_quota")]
+        public DefaultTokenQuota DefaultTokenQuota { get; set; }
     }
 }

src/Auth0.ManagementApi/Models/Tenant/TokenQuota.cs

@@ -0,0 +1,13 @@
+using Newtonsoft.Json;
+
+namespace Auth0.ManagementApi.Models
+{
+    public class TokenQuota
+    {
+        /// <summary>
+        /// This defines the fields that control the token quota
+        /// </summary>
+        [JsonProperty("client_credentials")]
+        public Quota ClientCredentials { get; set; }
+    }
+}

tests/Auth0.AuthenticationApi.IntegrationTests/TokenTests.cs

@@ -34,7 +34,7 @@ public async Task Can_get_token_using_client_credentials()
         [Fact(Skip = "Run Manual")]
         public async Task Can_get_token_using_client_credentials_for_organization()
         {
-            var existingOrgId = "org_V6ojENVd1ERs5YY1";
+            var existingOrgId = "org_x2j4mAL75v96wKkt";
             using (var authenticationApiClient = new AuthenticationApiClient(GetVariable("AUTH0_AUTHENTICATION_API_URL")))
             {
                 // Get the access token

tests/Auth0.ManagementApi.IntegrationTests/ClientGrantTests.cs

@@ -175,7 +175,7 @@ public async Task Organization_Client_Grants()
         {
             var apiId = "dotnet-testing";
             var clientId = fixture.TestClient.ClientId;
-            var existingOrgId = "org_V6ojENVd1ERs5YY1";
+            var existingOrgId = "org_x2j4mAL75v96wKkt";
 
             await fixture.ApiClient.Clients.UpdateAsync(clientId, new ClientUpdateRequest
             {

tests/Auth0.ManagementApi.IntegrationTests/ClientTests.cs

@@ -44,7 +44,7 @@ public ClientTests(ClientTestsFixture fixture)
         [Fact]
         public async Task Test_client_crud_sequence()
         {
-            string existingOrganizationId = "org_V6ojENVd1ERs5YY1";
+            string existingOrganizationId = "org_x2j4mAL75v96wKkt";
             var selectedInitiators = new[]
             {
                 LogoutInitiators.RpLogout,
@@ -106,7 +106,16 @@ public async Task Test_client_crud_sequence()
                     }
                 },
                 ComplianceLevel = ComplianceLevel.FAPI1_ADV_PKJ_PAR,
-                RequireProofOfPossession = true
+                RequireProofOfPossession = true,
+                TokenQuota = new TokenQuota()
+                {
+                    ClientCredentials = new Quota()
+                    {
+                        PerDay = 100,
+                        PerHour = 10,
+                        Enforce = true
+                    }
+                }
             };
             var newClientResponse = await fixture.ApiClient.Clients.CreateAsync(newClientRequest);
             fixture.TrackIdentifier(CleanUpType.Clients, newClientResponse.ClientId);
@@ -130,7 +139,8 @@ public async Task Test_client_crud_sequence()
             newClientResponse.SignedRequestObject.Credentials.First().Id.Should().NotBeNull();
             newClientResponse.ComplianceLevel.Should().Be(ComplianceLevel.FAPI1_ADV_PKJ_PAR);
             newClientResponse.RequireProofOfPossession.Should().BeTrue();
-
+            newClientResponse.TokenQuota.Should().BeEquivalentTo(newClientRequest.TokenQuota);
+
             string prop1 = newClientResponse.ClientMetaData.Prop1;
             prop1.Should().Be("1");
             string prop2 = newClientResponse.ClientMetaData.Prop2;
@@ -160,7 +170,14 @@ public async Task Test_client_crud_sequence()
                     Required = false
                 },
                 ComplianceLevel = ComplianceLevel.NONE,
-                RequireProofOfPossession = false
+                RequireProofOfPossession = false,
+                TokenQuota = new TokenQuota()
+                {
+                    ClientCredentials = new Quota()
+                    {
+                        Enforce = false
+                    }
+                }
             };
 
             var updateClientResponse = await fixture.ApiClient.Clients.UpdateAsync(newClientResponse.ClientId, updateClientRequest);
@@ -186,6 +203,7 @@ public async Task Test_client_crud_sequence()
             updateClientResponse.SignedRequestObject.Required.Should().BeFalse();
             updateClientResponse.ComplianceLevel.Should().Be(ComplianceLevel.NONE);
             updateClientResponse.RequireProofOfPossession.Should().BeFalse();
+            updateClientResponse.TokenQuota.Should().BeEquivalentTo(updateClientRequest.TokenQuota);
 
             // Get a single client
             var client = await fixture.ApiClient.Clients.GetAsync(newClientResponse.ClientId);
@@ -197,6 +215,7 @@ public async Task Test_client_crud_sequence()
             client.RequirePushedAuthorizationRequests.Should().BeFalse();
             client.SignedRequestObject.Required.Should().BeFalse();
             client.ComplianceLevel.Should().Be(ComplianceLevel.NONE);
+            client.TokenQuota.ClientCredentials.Enforce.Should().Be(false);
 
             // Delete the client, and ensure we get exception when trying to fetch client again
             await fixture.ApiClient.Clients.DeleteAsync(client.ClientId);

tests/Auth0.ManagementApi.IntegrationTests/JobsTest.cs

@@ -86,7 +86,7 @@ public JobsTest(JobsTestsFixture fixture)
         [Fact]
         public async Task Can_send_verification_email()
         {
-            var existingOrganizationId = "org_V6ojENVd1ERs5YY1";
+            var existingOrganizationId = "org_x2j4mAL75v96wKkt";
 
             await fixture.ApiClient.Organizations.AddMembersAsync(existingOrganizationId, new OrganizationAddMembersRequest
             {