I’m working on auth0 and I have created an application using SPA, and then I created an API and defined the required permissions to it (such as “read:users” and “update:users” and along with that a new application is created with my CUSTOM_API_NAME (Test Application).
Now I have created some users and I want one of them can have the access to view all users and update them, while another one can only view view them, now I’m confused between which application credentials should I use for signup and sign-in process and I created another API to define permissions to a user but when I’m obtaining my access token through Auth0 ManagementAPI to fetch the list of all users, I’m getting an error saying insufficient scopes saying:
Forbidden: Insufficient scope, expected one of: read:users OR read:user_idp_token.
and when I’m doing the same with my custom_api audience, Its saying :
{
“statusCode”: 401,
“error”: “Unauthorized”,
“message”: “Bad audience: https://<custom_api_identifier>”
}
please help me find the solution, I want to provide different roles and accesses to my users to perform different functions.