Hello @aylmer welcome to the community!
You’re on the right track here You will need to use the Management API to perform the actions described. It sounds like creating a user and then assigning the roles to said user should suffice. You can get roles with this endpoint.
Given this requires the use of the Management API, you will want to perform these actions on your backend which should act as a sort of proxy for your front end. The reason being that Management API access tokens are limited by design for front end use. While certainly possible to interact with the Management API directly from your backend/API, Auth0 does offer several Management API SDK libraries which could be useful: