Can I use one non-interactive client to access both the Management API and Authorization Extension API?

I’m the author of Casbin ( And I’m writing a role manager implementation for Auth0 here:

I want to retrieve all the users and all the groups from the Auth0 tenant via the non-interactive client. So I need to access both the Management API and the Authorization Extension API. The audience for Management API is something like: The audience for Authorization Extension API is something like: urn:auth0-authz-api. How to use these two audience in one client?

BTW, My code is in Golang. And I’m using this library: as the SDK for Auth0 APIs. The related code is as follows:

func (s *AuthzTestSuite) SetupSuite() {
	cfg := auth0.Config{
		ClientID:         os.Getenv("AUTH0_CLIENT_ID"),
		ClientSecret:     os.Getenv("AUTH0_CLIENT_SECRET"),
		Tenant:           os.Getenv("AUTH0_TENANT"),
		AuthorizationURL: os.Getenv("AUTH0_AUTHORIZATION_URL"),
	client, err := cfg.ClientFromCredentials(os.Getenv("AUTH0_AUTHORIZATION_API"))
	assert.Nil(s.T(), err)
	s.Client = client

I have the same question, and haven’t been able to find a definitive answer. From what I’ve read, it seems the common practice is to get a separate access token for each audience (management, auth extension). It would be nice to get a final answer though.

Were you able to find anything definitive by chance ?

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?