Confusion about SPA + Management API and Custom API

Hi Guys,

I have a react SPA with Auth0 working just fine and I can make calls to my custom API.

I want to access the own user’s metadata from my SPA, this is where I am stuck.
(I understand that the SPA has limited access to management API features due to security reasons.)

Since I need to be logged in with my custom API for all my business related API calls, how can I access my user’s metadata.

I am able to login to the Auth0 Management API and get the metadata but than of course I cannot call my custom API.

So how would one solve this issue?

So far I wasn’t able to grant my custom API access to the management API.

Or is my understanding correct, that as soon as I am using a custom API all management API related operations must be redirected to my backend and from there to the management API?

Confused… as the title says…

Thanks for the Help

Hi @parttimehero,

You should be doing most interaction with the management API from your backend. SPAs are limited in what they can do against the management API.

If you just want to access the metadata, that can easily be added to the token in a rule.

Hopefully this helps!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.