Does the authenticated user have to get new access token for updating user info

Hi Everyone,
When an user is authenticated and need to access the management api for updating their user info, do we need to obtain new access token again using client id and client secret of the Api Explorer Application (Machine to machine)
Or we can use the users’s existing token that was authenticated against the regular web application?


It will depend on the audience and scopes when the user is first authenticated.

If you are trying to update user profiles from a SPA we have some guidance here:

1 Like

Hi, @marcus.baker thank you for your response. I am not trying to update the user profile for a SPA, it’s a regular web application. The audience is the same for all the websites and even the API Explorer Application.
What puzzles me is the client id and secret are different for the regular web application (that a user is authenticated against) and the API Explorer Application.