Creating an SPA via management Node sdk has different options than Auth0 UI - cannot login

getbounds · April 14, 2025, 2:45pm

Ready to post? First, try searching for your answer.
When I create an spa application from the node management client I cannot login to my app using the client_id - Unauthorized. I noticed that this application has an APIs section, while when I create an SPA application with the normal Auth0 UI, there is no APIs option. I assume this is the issue. If so, I am not sure what scopes/permissions to give to my client SPA app from my main management API, or if there is an additional option I can set when creating my client app from the Node sdk.

Creation Options from the Node SDK

  const { data: application } = await management.clients.create({
    name: `${name}-app`,
    app_type: "spa",
    allowed_logout_urls: ["http://localhost:3000/logout"],
    callbacks: ["http://localhost:3000/callback"],
    allowed_origins: ["http://localhost:3000"],
    web_origins: ["http://localhost:3000"],
    allowed_origins: ["http://localhost:3000"],
    oidc_conformant: true,
    organization_usage: "require",
    organization_require_behavior: "post_login_prompt",
    jwt_configuration: {
      lifetime_in_seconds: 60 * 60 * 24,
    },
  });

Result from CLI Node App -

Result from UI-Created App -

rueben.tiow · April 15, 2025, 7:16pm

Hi @getbounds,

I understand you’ve encountered an “Unauthorized” error during login when using your app’s client_id.

The behavior you observed where a SPA app does not have an APIs section is totally normal. This is because SPAs are public clients and cannot securely store secrets. See Get Management API Access Tokens for Single-Page Applications - Limitations for a thorough explanation.

In this case, access tokens are issued in the context of the user who is currently signed in to Auth0, which limits updates to only the logged-in user’s data.

Meaning that, if you need to perform non-user related requests using the Management API, we recommend getting the access token from the backend rather than the frontend in a SPA.

If you are still having issues, could you share the Management API endpoint request you are making?

Thanks,
Rueben

Topic		Replies	Views
Get Management API Token in actions (SPA) Get Help management-api	2	2618	June 28, 2021
Need help accessing Management API using react-auth0-spa-js Get Help spa , react	4	5813	February 12, 2020
How to call the management API from an API Get Help	4	5778	September 17, 2019
SPA+API+User Profiles - Confused Get Help	2	3554	July 25, 2019
Custom API access Management API Get Help auth0 , api , management-api	4	4933	November 11, 2021

Creating an SPA via management Node sdk has different options than Auth0 UI - cannot login

Related topics