We have a php application that we set up as regular web app in Auth0 that we authenticate our users who login to the application through Auth0. We wish to use auth0 management-api to add users when they signup at our site and we pass along the info to auth0 via management-api. Based on what I’ve read in the documentation, in order to use the management-api, we must also create a backend application for it. The question we have is, must we maintain another set of client data (id, secret) to retrieve access tokens to be able to add the user to the users table? Is it possible to use management-api with just one set of client data (from the regular web app application?) Please let me know if I need to clarify what I am asking.
Hey there @chris.howell welcome to the community!
In general, it’s definitely recommended that you use a unique client_id/secret for your backend which will utilize the management API. While it might be technically possible, it’s hard to know what complications may arise. Security-wise, if the credentials were somehow leaked from your web app both the web app and your management client would be compromised.
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.