
Add Support for Limiting M2M Usage via Tenant-Wide Defaults and Client/Organization Overrides #537

Merged
developerkunal merged 7 commits into main from SDK-5818-Limit-M2M-Usage-go-auth0-support
May 30, 2025

@developerkunal developerkunal commented Apr 4, 2025

🔧 Changes

This PR introduces support for configuring token quotas for M2M (client credentials) flows at the tenant, client, and organization levels.

Key Changes:

  • Introduced a unified TokenQuota struct used across tenant, client, and organization resources
  • TenantDefaultTokenQuota now allows configuring default quotas for both clients and organizations
  • Clients and organizations can override the tenant-wide quota by setting their own token_quota field
  • Introduced TokenQuotaClientCredentials, which supports:
    • enforce: whether the quota is strictly enforced or just logged
    • per_day and per_hour limits for issued tokens

Unsetting Quotas

To remove a previously set quota, send a PATCH request with a null value:

# Unset tenant-wide quotas
PATCH /api/v2/tenants/settings
{
  "default_token_quota": null
}

# Unset client-specific quota
PATCH /api/v2/clients/{id}
{
  "token_quota": null
}

# Unset organization-specific quota
PATCH /api/v2/organizations/{id}
{
  "token_quota": null
}

For implementation examples, refer to the Go SDK usage guide:
🔗 https://github.com/auth0/go-auth0/blob/main/EXAMPLES.md#providing-a-custom-user-struct


Example

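package main

import (
	"context"
	"log"
	"os"

	"github.com/auth0/go-auth0/management"
)

func main() {
	ctx := context.Background()

	// Build the Management API client; the environment variable names are placeholders.
	auth0API, err := management.New(
		os.Getenv("AUTH0_DOMAIN"),
		management.WithClientCredentials(ctx, os.Getenv("AUTH0_CLIENT_ID"), os.Getenv("AUTH0_CLIENT_SECRET")),
	)
	if err != nil {
		log.Fatalf("Failed to create management client: %v", err)
	}

	// Define a custom struct for Tenant with nullable fields.
	// The JSON tag has no omitempty, so a nil pointer is sent as null.
	type CustomTenantSettings struct {
		DefaultTokenQuota *management.TokenQuota `json:"default_token_quota"`
	}

	// Example: Unset tenant-wide quotas
	unsetTenantSettings := &CustomTenantSettings{
		DefaultTokenQuota: nil, // Unsetting the token quota
	}

	err = auth0API.Request(ctx, "PATCH", auth0API.URI("tenants", "settings"), unsetTenantSettings)
	if err != nil {
		log.Fatalf("Failed to unset tenant-wide quotas: %v", err)
	}
	log.Println("Successfully unset tenant-wide quotas.")
}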

📚 References


🔬 Testing

  • Unit tests cover all new structs and unmarshal/marshal behaviour
  • Manual tests verified PATCH operations unset values correctly
  • Validated behavior with realistic tenant, client, and org payloads

📝 Checklist

  • All new/changed/fixed functionality is covered by tests (or N/A)
  • I have added documentation for all new/changed functionality (or N/A)

@developerkunal developerkunal requested a review from a team as a code owner April 4, 2025 09:12
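
The override rule and the null-to-unset behaviour from the PR description, as an added example that is not part of the PR or the go-auth0 SDK. The struct types, the `client_credentials` key name, the posture labels and the sample quotas are assumptions made for illustration; the example classifies whether an M2M client ends up with an enforced quota, a log-only quota, or none.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Illustrative mirrors of the JSON fields named in the PR, not the SDK's own types.
type ClientCredentials struct {
	Enforce bool `json:"enforce"`
	PerDay  int  `json:"per_day,omitempty"`
	PerHour int  `json:"per_hour,omitempty"`
}
type TokenQuota struct {
	ClientCredentials *ClientCredentials `json:"client_credentials,omitempty"` // key name assumed
}

// PatchBody builds a client PATCH body; no omitempty, so nil is sent as null (unset).
func PatchBody(q *TokenQuota) string {
	b, _ := json.Marshal(struct {
		TokenQuota *TokenQuota `json:"token_quota"`
	}{q})
	return string(b)
}

// Effective applies the override rule: the resource's own quota wins over the tenant default.
func Effective(tenantDefault, override *TokenQuota) *TokenQuota {
	if override != nil {
		return override
	}
	return tenantDefault
}

// Posture labels a resolved quota for an audit report (the labels are this example's own).
func Posture(q *TokenQuota) string {
	if q == nil || q.ClientCredentials == nil {
		return "unlimited"
	}
	if !q.ClientCredentials.Enforce {
		return "log-only"
	}
	return "enforced"
}

func main() {
	tenant := &TokenQuota{&ClientCredentials{PerDay: 2000, PerHour: 200}} // constructed: log-only default
	own := &TokenQuota{&ClientCredentials{Enforce: true, PerHour: 50}}    // constructed override
	fmt.Println(Posture(Effective(tenant, nil)), Posture(Effective(tenant, own)), PatchBody(nil))
}
```

A client reported as "log-only" or "unlimited" can still mint tokens without a hard cap, so those are the entries to review.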
codecov-commenter commented Apr 4, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 95.89%. Comparing base (e4779d8) to head (4ab6e6e).
⚠️ Report is 117 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #537      +/-   ##
==========================================
+ Coverage   95.88%   95.89%   +0.01%     
==========================================
  Files          60       60              
  Lines       11801    11852      +51     
==========================================
+ Hits        11315    11366      +51     
  Misses        366      366              
  Partials      120      120              


@developerkunal developerkunal requested a review from Copilot April 6, 2025 17:06
Copilot AI left a comment


Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.


@kushalshit27 kushalshit27 left a comment


It would be better to add implementation examples along with unset examples.

kushalshit27 previously approved these changes May 6, 2025

@kushalshit27 kushalshit27 left a comment


LGTM!

@developerkunal developerkunal merged commit 90373df into main May 30, 2025
7 checks passed
@developerkunal developerkunal deleted the SDK-5818-Limit-M2M-Usage-go-auth0-support branch May 30, 2025 06:50
@developerkunal developerkunal mentioned this pull request May 30, 2025