I am making a blog where only a user with my email address can post. I have a rule configured which sets an administrative role only to me. I am currently having difficulty trying to access my app_metadata.

From the documentation, I have learned that “You can use the Management API in order to retrieve, create, or update both the user_metadata and app_metadata fields at any point”. Because I am building an SPA, I was led to this page: https://auth0.com/docs/api/management/v2/get-access-tokens-for-spas

It is unclear to me how to retrieve a management API token. I followed this guide to integrate auth0: https://auth0.com/blog/react-tutorial-building-and-securing-your-first-app/

Thanks in advance.

Hi @nsena,

If you are using app_metadata in your SPA I would suggest adding it as a custom claim via a rule.

This is going to be the easiest way to add a small piece of data that is used often for authorization. See the example here:

If you are still interested in the management api can you tell me what auth0 library you are using.

Hope this helps!

Thanks,
Dan

Hi Dan,

Big thanks for the reply. I learned last night that auth0-js implements outdated security. I will be following this guide https://auth0.com/docs/quickstart/spa/react/01-login and then working on custom claims to get the required metadata. I’ll reach back if I have any questions.

Nate

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.