I'm using the Auth0 user management API v2 for implementing a module where admin users should be able to create a new user account on behalf of that lower-level user, edit existing user info, reset username or password, and even delete users as needed. What's the standard way of implementing such modules with the Auth0 user management API v2? Please suggest which doc I should follow; I've tried to find some yet couldn't find the standard way.
The only consideration is that the Auth0 Management API v2, in particular, the endpoints required to enable functionality such as the ones you mentioned are meant to be accessed by a component that is able to obtain a suitable access token through the client credentials grant.
The above means that a system such as yours needs to have at least one component that can act as an OAuth 2.0 confidential client (aka it can securely maintain a client secret) which would be the case of any server-side component.
Assuming your module is a web application the end result is that you can’t have a SPA talk directly to the Auth0 Management API so the module would need to be part of a system that is composed of something more than just a SPA. For example, it could be a traditional server-side rendered web application or it could be a SPA that talks to a server-side API (resource server) which in turn talks to the Auth0 Management API.
In addition, the module you mentioned seems to have a lot of features that overlap with what's offered by the delegated admin extension so, if you haven't done so already, you might want to take a look at that. In particular, check this table that lists the available user management actions through that extension.
@jmangelo thank you for your answer. Just another query: for users who used their social logins, how do we manage them in such modules, where an admin user will be able to update their email or reset the password?
For social authentication the user credentials are managed by the social identity provider (for example Google) so you can’t change those credentials in Auth0. In order to have full control over the email and password credentials the end-user identity must be managed by Auth0 which is the case for database connections, but not for social connections.
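The server-side piece described in the two answers above, as an added example that is not code from either poster or from Auth0: it builds the client credentials token request and a `PATCH /api/v2/users/{id}` request, and refuses email, username or password changes for identities that Auth0 does not manage. The tenant domain, function names and sample profiles are assumptions constructed for illustration; the requests are built but not sent.

```python
import json
import urllib.parse
import urllib.request

DOMAIN = "example-tenant.auth0.com"  # placeholder tenant domain (assumption)
CREDENTIAL_FIELDS = {"email", "password", "username"}


def token_request(client_id, client_secret):
    """Client credentials grant; client_secret must never leave the server side."""
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"https://{DOMAIN}/api/v2/",
    }
    return urllib.request.Request(
        f"https://{DOMAIN}/oauth/token",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def update_user_request(access_token, profile, changes):
    """Build the PATCH request, rejecting credential changes on non-database identities."""
    primary = profile["identities"][0]
    credential_changes = CREDENTIAL_FIELDS.intersection(changes)
    if credential_changes and primary["provider"] != "auth0":
        raise PermissionError(
            f"{sorted(credential_changes)} are managed by {primary['provider']}, not Auth0")
    body = dict(changes)
    if credential_changes:
        body["connection"] = primary["connection"]  # name the database connection
    user_id = urllib.parse.quote(profile["user_id"], safe="")  # '|' must be encoded
    return urllib.request.Request(
        f"https://{DOMAIN}/api/v2/users/{user_id}",
        data=json.dumps(body).encode(),
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"},
        method="PATCH",
    )


# Constructed sample profiles, shaped like GET /api/v2/users/{id} responses.
DB_USER = {"user_id": "auth0|abc123", "identities": [
    {"provider": "auth0", "connection": "Username-Password-Authentication", "isSocial": False}]}
SOCIAL_USER = {"user_id": "google-oauth2|1234567890", "identities": [
    {"provider": "google-oauth2", "connection": "google-oauth2", "isSocial": True}]}
```

A SPA would call an endpoint on this backend with the admin's own session or token; the backend checks that the caller is an admin before building either request.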