Auth0 Home Blog Docs

Can I use one non-interactive client to access both the Management API and Authorization Extension API?



I’m the author of Casbin ( And I’m writing a role manager implementation for Auth0 here:

I want to retrieve all the users and all the groups from the Auth0 tenant via the non-interactive client. So I need to access both the Management API and the Authorization Extension API. The audience for Management API is something like: The audience for Authorization Extension API is something like: urn:auth0-authz-api. How to use these two audience in one client?

BTW, My code is in Golang. And I’m using this library: as the SDK for Auth0 APIs. The related code is as follows:

func (s *AuthzTestSuite) SetupSuite() {
	cfg := auth0.Config{
		ClientID:         os.Getenv("AUTH0_CLIENT_ID"),
		ClientSecret:     os.Getenv("AUTH0_CLIENT_SECRET"),
		Tenant:           os.Getenv("AUTH0_TENANT"),
		AuthorizationURL: os.Getenv("AUTH0_AUTHORIZATION_URL"),
	client, err := cfg.ClientFromCredentials(os.Getenv("AUTH0_AUTHORIZATION_API"))
	assert.Nil(s.T(), err)
	s.Client = client


I have the same question, and haven’t been able to find a definitive answer. From what I’ve read, it seems the common practice is to get a separate access token for each audience (management, auth extension). It would be nice to get a final answer though.

Were you able to find anything definitive by chance ?