Auth0 Home Blog Docs

Accessing Management API from my Flask web

I have a Flask web running at localhost:3000 using auth0 authentication.
After a successful authentication, I have an access_token, which can be used to access custom APIs, such as /api/calendar, /api/contacts etc.

In addition to that, I wish to have a user with admin role to access endpoints /api/admin/XXX. I can use scope for admin users, and protecting these endpoints is no problem.
However, I also want to access the endpoint provided by Management API via redirection, for example, localhost:3000/api/users redirected to https://{tenant}.auth0.com/api/v2/users

The tricky part is that the access token I get from the authentication is no good for accessing Management APIs. It seems that I need to get another access token with “client_credentials” grant type.

So I got an additional access token for an admin user, but how do I use it? When I use redirect({tenant}.auth0.com/api/v2/users), it still bears the original access token, not the new one.

What would be the best solution?
I came across this page (https://auth0.com/docs/rules/guides/management-api), and wonder if this is relevant?

The link you mentioned is specific to the use of Management API from within rules so it is not relevant to this situation.

The recommendation here would be that the server-side of your application performs an HTTP request to Management API (using the client credentials obtained access token) reads the JSON data from the response and then proceeds to either process the returned data or just return it directly.

In other words, localhost/api/users does NOT redirect to {tenant}.auth0.com/api/v2/users, instead it makes an HTTP request to Management API, receives the response and then returns the processed response.

1 Like

Thanks, I followed your recommendation and made it work.