Ok, I see.
So, you just want to update
user_metadata, none of the root attributes (email, name, etc.).
Available scopes are limited as per your linked docs
You can ask for the following scopes:
so, for example, scope
Yes, I guess then it should be possible. TBH I haven’t tested it out myself yet with the older Auth0.js.
but without asking the user to re-login to get a token for the Management API audience
Even without helper method for updating a user profile in the newer auth0-spa-js SDK, you should still be able to get a proper access token for the management API with it. You just need to pass the
audience parameter into the
Then use that token to make the Mgmt API call directly, without a helper method.
In case you need to get an access token for the Auth0 Mgmt API and one for your own API, so basically two access tokens, you can get the second one via Silent Authentication:
But in any case, since there’s an existing valid Auth0 session from the first login already, he wouldn’t need to re-login anyway.
So, summarizing: unless you really need this helper method to update the user profile in Auth0.js, you should be fine without it as well and can just use auth0-spa-js fine, if you don’t mind making that update request via a plain JS request.
In any case, whether you use one or two SDKs in your project: as long as you’re using the redirect flow via the Auth0 login page, which you do, and the user has a valid Auth0 session, he wouldn’t be prompted to re-login.
To avoid this second redirect (even though no prompt would be coming), you can rely on the mentioned Silent Authentication approach.