App that requires access to my users' Auth0 Tenant Management API v2

tyf · December 22, 2023, 10:58pm

Correct! In general, we recommend proxying requests through a backend if possible. While you can get a Management API access token in a SPA, the scopes/permissions are rather limited by design. Here’s a simple example using the node-auth0 ManagementClient:

github.com

tyfrth/auth0-react-samples-proxy/blob/d12c61173852fabe743d7b5b9f417b81799442a6/Sample-01/api-server.js#L56


      
            audience: authConfig.audience,
            issuerBaseURL: `https://${authConfig.domain}/`,
            algorithms: ["RS256"],
          });
          
          //validate access token
          app.get("/api/external", checkJwt, (req, res) => {
            res.json({ message: `Hello ${req.auth.payload.sub}, your access token was successfully validated!` });
          });
          
          //proxy request to Management API to change user's nickname
          app.post('/api/external/nickname', checkJwt, (req, res) => {
          
            const data = JSON.stringify(req.body)
            console.log(data); 
            
            auth0.users.update({id: req.auth.payload.sub}, data, function (err, user) {
              if (err) {
                console.log(err)
                res.json({message: `Unable to successfully set new nickname! - Check tenant logs for possible errors`})
              } else {