Starting from below, yes, your proposal is the recommended approach. In this scenario, the Laravel API acts as a resource server for the Angular client application while at the same time acts as a client application for the Auth0 Management API resource server so it should be indeed be represented in Auth0 with a client application record in addition to the API one.
In relation to calling the Management API the laravel-auth0 package is really just specific to integrating the authentication/authorization part into your Laravel backend. However, the auth0-php library has helper methods to call the Management API from PHP, in particular, check:
- GitHub - auth0/auth0-PHP: PHP SDK for Auth0 Authentication and Management APIs.
- GitHub - auth0/auth0-PHP: PHP SDK for Auth0 Authentication and Management APIs. (to get an access token through client credentials grant applicable to Management API)