Hi @gandersen,
Yes, while it is possible to access the Management API from a SPA, they are issued in the context of the user who is currently signed in to Auth0.
In this case, I recommend following our Get Management API Access Tokens for Single-Page Applications documentation for more information.
Alternatively, you could append the user_metadata as a custom claim to the access token.
Please let me know if you have any questions.
Thanks,
Rueben