this.mgmt = new auth0.Management({
domain: config.auth0.domain,
token: accessToken
})
The “accessToken” being used is the idToken value pulled from the user. I’ve searched around and am seeing conflicted thoughts on using the idToken, and that the accessToken (an opaque string) is not the access token.
idToken looks like expected JWT format. So I’m not sure what I’m missing.
Thanks for reaching out. The id_token is not going to be used for access the management API.
I will also point you to this FAQ because it looks like you are trying to access the management API from a SPA which has some special limitations due to it’s exposed nature.
Please let me know if this helps and if you have any more questions.