I don’t want the user to have to log in twice (once for the Management API access token and again for an access token for my API) and it isn’t possible to specify multiple audiences. So as a solution, can I just use the Management API access token to authorize access to my own API (possibly checking scope as well as audience)?
My .JSON config file:
“scope”: “openid profile email read:current_user read:MYAPI”
Using this isn’t possible:
“audience”: [ “my-api”, “https://[tenant].eu.auth0.com/api/v2/”]
I started my Auth0 project using the vanillajs example project.
These are the docs I’ve been looking at: