feat: Adding M2M Quota Support (#788)

### Changes

Support Added for M2M Rate Limit Quotas :

1. Authentication
- Added a new generic helper function `HttpResponse::parseQuotaHeaders`
 
 2. Management
- Added extensive tests for `Tenant`, `Client` and `Organization` API
Endpoints which will give a overview of the query and responses related
token quota
 


### References

- Internal
-
[https://oktawiki.atlassian.net/wiki/spaces/IAMPS/pages/3192719041/RFC+-+M2M+Token+Quota](RFC)

- Management API
- [Update Tenant
Settings](https://auth0.com/docs/api/management/v2/tenants/patch-settings)


### Testing

- [x] This change adds test coverage

- [x] This change has been tested on the latest version of the
platform/language or why not

### Contributor Checklist

- [x] I agree to adhere to the [Auth0 General Contribution
Guidelines](https://github.com/auth0/open-source-template/blob/master/GENERAL-CONTRIBUTING.md).
- [x] I agree to uphold the [Auth0 Code of
Conduct](https://github.com/auth0/open-source-template/blob/master/CODE-OF-CONDUCT.md).

Author: kishore7snehil

examples/features/authentication/m2m-quota-headers/.env.example

@@ -0,0 +1,26 @@
+################################################################################
+#
+#   For guidance on setting up an Auth0 application and collecting these
+#   values,please see the README in the root of this repository:
+#
+#   https://github.com/auth0/auth0-PHP/blob/main/README.md#configure-auth0
+#
+################################################################################
+
+# Your Auth0 tenant domain.
+DOMAIN=
+
+# Your Auth0 application's Client ID.
+CLIENT_ID=
+
+# Your Auth0 application's Client Secret.
+CLIENT_SECRET=
+
+# A random string used to encrypt your session cookie.
+COOKIE_SECRET=
+
+# Your Auth0 Custom Domain, if applicable.
+CUSTOM_DOMAIN=
+
+# Your Auth0 API Identifier/Audience, if applicable.
+API_IDENTIFIER=

examples/features/authentication/m2m-quota-headers/composer.json

@@ -0,0 +1,32 @@
+{
+    "name": "auth0-samples/m2m-quota-headers",
+    "description": "Example of using M2M Quota Headers with Auth0 PHP",
+    "require": {
+        "php": "^8.1",
+        "auth0/auth0-php": "8.13",
+        "nyholm/psr7": "^1.5",
+        "symfony/http-client": "^6.2",
+        "vlucas/phpdotenv": "^5.5"
+    },
+    "prefer-stable": true,
+    "config": {
+      "optimize-autoloader": true,
+      "preferred-install": "dist",
+      "sort-packages": true,
+      "process-timeout": 0,
+      "allow-plugins": {
+        "php-http/discovery": false
+      }
+    },
+    "scripts": {
+      "serve": [
+        "php -S 127.0.0.1:3000 index.php"
+      ],
+      "pre-install-cmd": [
+        "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
+      ],
+      "pre-update-cmd": [
+        "@php -r \"file_exists('.env') || copy('.env.example', '.env');\""
+      ]
+    }
+  }

examples/features/authentication/m2m-quota-headers/index.php

@@ -0,0 +1,77 @@
+<?php
+declare(strict_types=1);
+header('Content-Type: text/plain; charset=utf-8');
+
+/**
+ * This example demonstrates how to use the Auth0 SDK for PHP to get M2M Quota Headers.
+ *
+ * You should invoke this app using routed URLs like http://localhost:3000 or http://localhost:3000/login.
+ * Using the PHP built-in web server, you can start this app with the following command: php -S 127.0.0.1:3000 index.php
+ */
+
+use Auth0\SDK\Auth0;
+use Auth0\SDK\Configuration\SdkConfiguration;
+use Auth0\SDK\Utility\HttpResponse;
+use Dotenv\Dotenv;
+
+// 1. Bootstrap: load Composer autoloader and environment
+require __DIR__ . '/vendor/autoload.php';
+$env = Dotenv::createImmutable(__DIR__);
+$env->load();
+
+// 2. Configure the SDK
+$config = new SdkConfiguration([
+    'domain'       => $_ENV['DOMAIN']       ?? '',
+    'clientId'     => $_ENV['CLIENT_ID']    ?? '',
+    'clientSecret' => $_ENV['CLIENT_SECRET']?? '',
+    'cookieSecret' => $_ENV['COOKIE_SECRET']?? ''
+]);
+$auth0 = new Auth0($config);
+
+// 3. Perform a Client Credentials (M2M) request
+echo "Performing client-credentials flow...\n";
+$response = $auth0->authentication()->clientCredentials([
+    'audience' => $_ENV['API_IDENTIFIER'] ?? '',
+]);
+
+$status = $response->getStatusCode();
+echo "HTTP status code: {$status}\n\n";
+
+// 4. Decode the JSON body
+$body = HttpResponse::decodeContent($response);
+
+// ------------------------
+// Successful 2xx response
+// ------------------------
+if ($status >= 200 && $status < 300 && isset($body['access_token'])) {
+    echo "Access token received:\n";
+    echo substr($body['access_token'], 0, 20) . "... (truncated)\n\n";
+
+    // Parse and display quota/quota headers
+    echo "Quota headers (parsed):\n";
+    $quotaData = HttpResponse::parseQuotaHeaders($response);
+    print_r($quotaData);
+
+    exit(0);
+}
+
+// -----------------------------------
+// Handle 429 Too Many Requests error
+// -----------------------------------
+if ($status === 429) {
+    echo "Error: Too Many Requests (429)\n";
+
+    // Your new structured quota headers
+    echo "Quota headers (parsed):\n";
+    $quotaData = HttpResponse::parseQuotaHeaders($response);
+    print_r($quotaData);
+
+    exit(1);
+}
+
+// -------------------------------
+// Any other non-2xx / non-429
+// -------------------------------
+echo "Unexpected response ({$status}):\n";
+print_r($body);
+exit(1);

src/Utility/HttpResponse.php

@@ -69,6 +69,146 @@ public static function getStatusCode(
         return $response->getStatusCode();
     }
 
+    /**
+     * Helper function to parse "b=per_hour;q=100;r=99;t=1,b=per_day;q=300;r=299;t=1"
+     * into an array like:
+     * [
+     *    'per_hour' => [ 'quota' => 100, 'remaining' => 99, 'resetAfter' => 1 ],
+     *    'per_day'  => [ 'quota' => 300, 'remaining' => 299, 'resetAfter' => 1 ]
+     * ].
+     *
+     * @param string $rawValue
+     *
+     * @return array<string,array{quota:null|int,remaining:null|int,resetAfter:null|int}>
+     */
+    public static function parseQuotaBuckets(string $rawValue): array
+    {
+        $result = [];
+
+        // Example: "b=per_hour;q=100;r=99;t=1,b=per_day;q=300;r=299;t=1"
+        $buckets = explode(',', $rawValue);
+
+        foreach ($buckets as $bucket) {
+            $pairs = explode(';', $bucket);
+
+            $bucketName = null;
+            $bucketData = [
+                'quota' => null,
+                'remaining' => null,
+                'resetAfter' => null,
+            ];
+
+            foreach ($pairs as $pair) {
+                $rawParts = explode('=', $pair, 2) + [null, null];
+                $parts = array_map(
+                    /** @param null|string $v */
+                    static fn (?string $v): string => null !== $v ? trim($v) : '',
+                    $rawParts,
+                );
+                $key = $parts[0];
+                $value = $parts[1] ?? null;
+
+                if ('b' === $key) {
+                    // e.g. "per_hour", "per_day", "per_minute", etc.
+                    $bucketName = $value;
+                } elseif ('q' === $key) {
+                    // "quota"
+                    if (is_numeric($value)) {
+                        $bucketData['quota'] = (int) $value;
+                    }
+                } elseif ('r' === $key) {
+                    // "remaining"
+                    if (is_numeric($value)) {
+                        $bucketData['remaining'] = (int) $value;
+                    }
+                } elseif ('t' === $key) {
+                    // "resetAfter"
+                    if (is_numeric($value)) {
+                        $bucketData['resetAfter'] = (int) $value;
+                    }
+                }
+            }
+
+            // If we got a bucket name like "per_hour", store it
+            if (null !== $bucketName) {
+                $result[$bucketName] = $bucketData;
+            }
+        }
+
+        // e.g. { "per_hour" => {...}, "per_day" => {...} }
+        return $result;
+    }
+
+    /**
+     * Parse Auth0's quota headers into the desired 'client'/'organization' structure.
+     * The returned array looks like:
+     * [
+     *   'client' => [
+     *       'per_hour' => [ 'quota' => ..., 'remaining' => ..., 'resetAfter' => ... ],
+     *       'per_day'  => [ 'quota' => ..., 'remaining' => ..., 'resetAfter' => ... ],
+     *   ],
+     *   'organization' => [
+     *       'per_hour' => [...],
+     *       'per_day'  => [...],
+     *   ]
+     * ].
+     *
+     * Buckets or keys missing from the header won't appear in the array.
+     *
+     * @param ResponseInterface $response a ResponseInterface instance to extract from
+     *
+     * @return array{
+     *   client?: array<string,array{quota:int|null,remaining:int|null,resetAfter:int|null}>,
+     *   organization?: array<string,array{quota:int|null,remaining:int|null,resetAfter:int|null}>,
+     *   retryAfter?: int,
+     *   rateLimit?: array{limit?:int,remaining?:int,reset?:int}
+     * }
+     */
+    public static function parseQuotaHeaders(ResponseInterface $response): array
+    {
+        // Retrieve the raw header strings (they might be arrays of strings from getHeaders()).
+        $headers = array_change_key_case($response->getHeaders(), CASE_LOWER);
+        $clientLimit = $headers['auth0-client-quota-limit'][0] ?? null;
+        $orgLimit = $headers['auth0-organization-quota-limit'][0] ?? null;
+        $retryAfteValue = $headers['retry-after'][0] ?? null;
+
+        $client = null !== $clientLimit && '' !== $clientLimit ? self::parseQuotaBuckets($clientLimit) : [];
+        $org = null !== $orgLimit && '' !== $orgLimit ? self::parseQuotaBuckets($orgLimit) : [];
+        $retryAfter = (is_numeric($retryAfteValue)) ? (int) $retryAfteValue : null;
+
+        $result = [];
+        if ([] !== $client) {
+            $result['client'] = $client;
+        }
+        if ([] !== $org) {
+            $result['organization'] = $org;
+        }
+        if (null !== $retryAfter) {
+            $result['retryAfter'] = $retryAfter;
+
+            $limitRaw = $headers['x-ratelimit-limit'][0] ?? null;
+            $remainingRaw = $headers['x-ratelimit-remaining'][0] ?? null;
+            $resetRaw = $headers['x-ratelimit-reset'][0] ?? null;
+
+            $rateLimit = [];
+            if (is_numeric($limitRaw)) {
+                $rateLimit['limit'] = (int) $limitRaw;
+            }
+            if (is_numeric($remainingRaw)) {
+                $rateLimit['remaining'] = (int) $remainingRaw;
+            }
+            if (is_numeric($resetRaw)) {
+                $rateLimit['reset'] = (int) $resetRaw;
+            }
+
+            if ([] !== $rateLimit) {
+                $result['rateLimit'] = $rateLimit;
+            }
+        }
+
+        return $result;
+    }
+
     /**
      * Returns true when the ResponseInterface identifies a 200 status code; otherwise false.
      *