Hi @truescope,
Thank you for sending this info and the code! I was able to spin up the example app.
In the Auth0Provider, if you update auddience to audience, you’ll be able to use:
getToken(config.managementApi);
Without an infinite loop.
When your app requests a token that has a different audience than what is specified in the Auth0Provider, the SDK will attempt to perform silent authentication to obtain an Access Token with the correct audience. However, if the app domain and your Auth0 tenant domain differ, than the browser may block the transfer of third-party cookies.
Since you are using a custom domain, this should not occur. I will have to investigate your settings some more to see what might be going on for sure.