Axios post req to get management token works in chrome but not in firefox, Edge and safari

Am working with react app and the below code gives me management token in chrome but not in other browsers like firefox and edge.

 const getLoggedIn = async () => {
    try {
      const response = await
        new URLSearchParams({
          grant_type: "client_credentials",
          client_id: "xxxxxx",
          code: `code`,
          redirect_uri: "https://.net/",
          audience: "https://abc/api/v2/",
          cacheLocation: "localstorage",
          headers: { "content-type": "application/x-www-form-urlencoded" },
      localStorage.setItem("mToken", response?.data?.access_token ?? "");
    } catch (error) {

Hi @bhavith.chandra,

Welcome to the Auth0 Community!

This setup is completely insecure and you are leaving your Auth0 tenant open to malicious actors by publishing the client ID/secret in a browser-based application. Any data sent to the client can be inspected by the end user and used for malicious purposes.

You should never use the client credentials grant in a client-side application (SPA, native app, etc.). Additionally, browser based flows are very limited in scopes with the Management API and should be avoided.

I would suggest starting with our quickstarts.

Let me know if you have any questions.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.