@tanya732 tanya732 commented Apr 21, 2025

Changes

API Endpoints

| Path | HTTP Method | Method Name |
| --- | --- | --- |
| /clients | POST | create |
| /clients | GET | getAll |
| /clients/{id} | GET | get |
| /clients/{id} | PATCH | update |
| /organizations | POST | create |
| /organizations | GET | getAll |
| /organizations/{id} | PATCH | update |
| /organizations/{id} | GET | get |
| /organizations/name/{name} | GET | getByName |
| /tenants/settings | GET | getSettings |
| /tenants/settings | PATCH | updateSettings |

Management API Changes

  • Added authorization_response_iss_parameter_supported and default_token_quota in Tenant class
  • Added token_quota in Organizations class
  • Added token_quota in Clients class

Manual Testing

  1. Get domain and apiToken from tenant
ManagementAPI api = ManagementAPI.newBuilder("{YOUR_DOMAIN}", "{YOUR_API_TOKEN}").build();

Endpoint - /tenants/settings

// Endpoint: /tenants/settings
// Fetch the current tenant settings from the API.
Tenant getTenantSettings = api.tenants().get(null).execute().getBody();

// Update tenant settings with a new default token quota configuration.
// Sets quotas for both clients and organizations with specified limits.
Tenant updateTenant = new Tenant();
updateTenant.setDefaultTokenQuota(new DefaultTokenQuota(
        new Clients(new ClientCredentials(2000, 200, true)),
        new Organizations(new ClientCredentials(2000, 200, true))
));

// Execute the update to apply new tenant settings.
Tenant updateTenantSettings = api.tenants().update(updateTenant).execute().getBody();

Endpoint - /clients/{id} , /clients

// Endpoint: /clients/{id}, /clients
// Create a new client with the name "My Client Test" and a token quota configuration.
Client createClientPayload = new Client("My Client Test");
TokenQuota clientQuota = new TokenQuota(new ClientCredentials(2000, 200, true));
createClientPayload.setTokenQuota(clientQuota);

// Execute the creation of the client in the API.
Client createClientRequest = api.clients().create(createClientPayload).execute().getBody();

// Update an existing client identified by <CLIENT_ID> with a new token quota.
// This changes the quota limits for the client to new values.
Client updateClientPayload = new Client("My Client Test");
clientQuota = new TokenQuota(new ClientCredentials(2000, 300, true));
updateClientPayload.setTokenQuota(clientQuota);

// Execute the update operation for the client.
Client updatedClient = api.clients().update("<CLIENT_ID>", updateClientPayload).execute().getBody();

// Fetch the details of a specific client identified by <CLIENT_ID>.
Client client = api.clients().get("<CLIENT_ID>").execute().getBody();

Endpoint - /organizations/{id} , /organizations

// Endpoint: /organizations/{id}, /organizations
// Create a new organization with the name "myorgtest" and a display name "CreatedForTestTokenQuota".
// Also, set an initial token quota for the organization.
Organization createOrganizationPayload = new Organization("myorgtest");
createOrganizationPayload.setDisplayName("CreatedForTestTokenQuota");
TokenQuota orgQuota = new TokenQuota(new ClientCredentials(2000, 200, true));
createOrganizationPayload.setTokenQuota(orgQuota);

// Execute the creation of the organization in the API.
Organization createdOrganization = api.organizations().create(createOrganizationPayload).execute().getBody();

// Update an existing organization identified by <ORG_ID> with a new token quota configuration.
Organization updateOrganizationPayload = new Organization();
orgQuota = new TokenQuota(new ClientCredentials(2000, 300, true));
updateOrganizationPayload.setTokenQuota(orgQuota);

// Execute the update operation for the organization.
Organization updatedOrganization = api.organizations().update("<ORG_ID>", updateOrganizationPayload).execute().getBody();

// Fetch the details of a specific organization identified by <ORG_ID>.
Organization organization = api.organizations().get("<ORG_ID>").execute().getBody();

// Fetch the list of all organizations in the tenant.
List<Organization> organizations = api.organizations().list(null).execute().getBody().getItems();

Authentication API Changes

RateLimitException

  1. Added two new fields: clientQuotaLimit and organizationQuotaLimit to represent additional rate-limiting details.
  2. Provided getter methods for these new fields.
  3. Introduced a Builder class for RateLimitException to simplify its creation and support setting the new fields.

New Classes

  1. TokenQuotaBucket: Represents the quota bucket for rate limits.
  2. HttpResponseHeadersUtils: Utility class to extract clientQuotaLimit and organizationQuotaLimit from HTTP response headers.

Updated BaseRequest

  1. Modified the createRateLimitException method to use the Builder for constructing RateLimitException instances.
  2. Incorporated logic to parse and set clientQuotaLimit and organizationQuotaLimit from response headers.

Manual Testing

  1. Get audience from your tenant
 // Send a request to fetch a token for the specified audience and execute the request.
Response<TokenHolder> response = auth.requestToken("<AUDIENCE>").execute();

 // Retrieve headers from the response to extract quota information.
Map<String, String> headers = response.getHeaders();

 // Extract client token quota limits from the response headers.
TokenQuotaBucket clientTokenQuotaBucket = HttpResponseHeadersUtils.getClientQuotaLimit(response.getHeaders());

 // Fetch and print the per-day client token quota details.
TokenQuotaLimit clientTokenQuotaLimitPerDay = clientTokenQuotaBucket.getPerDay();
System.out.println("Quota Per Day: " + clientTokenQuotaLimitPerDay);
System.out.println(" quota: " + clientTokenQuotaLimitPerDay.getQuota());
System.out.println(" remaining: " + clientTokenQuotaLimitPerDay.getRemaining());
System.out.println(" time: " + clientTokenQuotaLimitPerDay.getResetAfter());

 // Fetch and print the per-hour client token quota details.
TokenQuotaLimit clientTokenQuotaLimitPerHour = clientTokenQuotaBucket.getPerHour();
System.out.println("Quota Per Hour: " + clientTokenQuotaLimitPerHour);
System.out.println(" quota: " + clientTokenQuotaLimitPerHour.getQuota());
System.out.println(" remaining: " + clientTokenQuotaLimitPerHour.getRemaining());
System.out.println(" time: " + clientTokenQuotaLimitPerHour.getResetAfter());

 // Extract organization token quota limits from the response headers.
TokenQuotaBucket organizationTokenQuotaBucket = HttpResponseHeadersUtils.getOrganizationQuotaLimit(response.getHeaders());

 // Fetch and print the per-day organization token quota details.
TokenQuotaLimit orgTokenQuotaLimitPerDay = organizationTokenQuotaBucket.getPerDay();
System.out.println("Quota Per Day: " + orgTokenQuotaLimitPerDay);
System.out.println(" quota: " + orgTokenQuotaLimitPerDay.getQuota());
System.out.println(" remaining: " + orgTokenQuotaLimitPerDay.getRemaining());
System.out.println(" time: " + orgTokenQuotaLimitPerDay.getResetAfter());

 // Fetch and print the per-hour organization token quota details.
TokenQuotaLimit orgTokenQuotaLimitPerHour = organizationTokenQuotaBucket.getPerHour();
System.out.println("Quota Per Hour: " + orgTokenQuotaLimitPerHour);
System.out.println(" quota: " + orgTokenQuotaLimitPerHour.getQuota());
System.out.println(" remaining: " + orgTokenQuotaLimitPerHour.getRemaining());
System.out.println(" time: " + orgTokenQuotaLimitPerHour.getResetAfter());
        

References

https://oktawiki.atlassian.net/wiki/spaces/IAMPS/pages/3283157572/M2M+Token+Quota+SDK+Requirements#Authentication-SDK-Requirements

Testing

Please describe how this can be tested by reviewers. Be specific about anything not tested and reasons why. If this library has unit and/or integration testing, tests should be added for new functionality and existing tests should complete without errors.

  • This change adds test coverage
  • This change has been tested on the latest version of the platform/language or why not

Checklist

@tanya732 tanya732 requested a review from a team as a code owner April 21, 2025 10:08
@tanya732 tanya732 changed the title Sdk limit m2m auth0 java support SDK Limit M2M Java Support Apr 21, 2025
pmathew92 previously approved these changes Apr 21, 2025
pmathew92 previously approved these changes May 28, 2025
@tanya732 tanya732 merged commit 9801daa into master May 29, 2025
6 checks passed
@tanya732 tanya732 deleted the sdk-limit-m2m-auth0-java-support branch May 29, 2025 07:11
@tanya732 tanya732 mentioned this pull request May 30, 2025
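
An added example, not part of the PR or the SDK: one way a caller could turn the per-hour and per-day quota values described above into a back-off decision, including the case where a quota header or one of its windows is absent. The Limit and Bucket records are hypothetical stand-ins for TokenQuotaLimit and TokenQuotaBucket, and treating resetAfter as a number of seconds is an assumption.

```java
public class TokenQuotaBackoff {
    // Hypothetical stand-ins mirroring the getters used in the manual test above
    // (getPerHour/getPerDay, getQuota/getRemaining/getResetAfter); not SDK classes.
    record Limit(int quota, int remaining, int resetAfter) {}
    record Bucket(Limit perHour, Limit perDay) {}

    /** Seconds to hold off before the next token request; 0 when no window is exhausted. */
    static int waitSeconds(Bucket client, Bucket org) {
        int wait = 0;
        for (Bucket b : new Bucket[] {client, org}) {
            if (b == null) continue;                       // quota header absent
            for (Limit l : new Limit[] {b.perHour(), b.perDay()}) {
                if (l != null && l.remaining() <= 0) {
                    wait = Math.max(wait, l.resetAfter()); // longest reset is the binding one
                }
            }
        }
        return wait;
    }

    /** True when any reported window has no more than pct percent of its quota left. */
    static boolean nearExhaustion(Bucket b, int pct) {
        if (b == null) return false;
        for (Limit l : new Limit[] {b.perHour(), b.perDay()}) {
            if (l != null && l.quota() > 0
                    && (long) l.remaining() * 100 <= (long) l.quota() * pct) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed sample values, not captured from a real tenant.
        Bucket client = new Bucket(new Limit(200, 0, 1800), new Limit(2000, 1500, 40000));
        Bucket org = new Bucket(new Limit(200, 15, 1800), null); // per-day window not reported
        System.out.println("wait with exhausted client window: " + waitSeconds(client, org));
        System.out.println("wait with no client header: " + waitSeconds(null, org));
        System.out.println("org near exhaustion at 10%: " + nearExhaustion(org, 10));
        System.out.println("client near exhaustion at 10%: " + nearExhaustion(client, 10));
    }
}
```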