Editing a user when using spa-js

I am utilizing the SPA SDK now for my Vue application. It is going to have a profile page for the user, and since I am using the universal login it doesn’t prompt for any kind of user information. If I want to allow them to be able to alter these fields (name, displayname, etc.), how would I go about this using the SPA library, if it’s possible? If not, what would be a good course of action?

@jneiman88,

You can use the Management API to update your users.

With that being said, you will not want to request a Management API token with the update:users scope from your SPA. This is because the user could inspect the SPA, grab the token, then make update requests to your whole user store, not just their own profile.

As a result, the best way to let a user change their root attributes would be through a backend or proxy API that only lets the user update their own attributes.

Hope this helps!

Thanks,
Dan
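A sketch of the backend approach described in the reply above, as an added example (not part of the original thread and not Auth0's own code). It assumes the API's JWT middleware has already verified the user's access token and passes its claims in; `AUTH0_DOMAIN`, the allow-list and the function names are hypothetical, and the Management API token never leaves the server.

```javascript
// Added example: server-side logic for an "update my own profile" endpoint.
const AUTH0_DOMAIN = "tenant.example.com"; // placeholder, not a real tenant

// Allow-list chosen for this example: root attributes the end user may change.
const ALLOWED_FIELDS = ["name", "nickname", "given_name", "family_name"];

function buildProfileUpdate(claims, body) {
  // claims must come from a token the server has already verified.
  if (!claims || typeof claims.sub !== "string" || claims.sub === "") {
    throw new Error("unauthenticated");
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new Error("invalid body");
  }
  const patch = {};
  for (const field of ALLOWED_FIELDS) {
    if (!Object.prototype.hasOwnProperty.call(body, field)) continue;
    const value = body[field];
    if (typeof value !== "string" || value.trim() === "" || value.length > 150) {
      throw new Error(`invalid value for ${field}`);
    }
    patch[field] = value.trim();
  }
  // Anything outside the allow-list (user_id, app_metadata, ...) is dropped.
  if (Object.keys(patch).length === 0) throw new Error("nothing to update");
  return {
    method: "PATCH",
    // The target user is always the token's subject, never a client-supplied id.
    url: `https://${AUTH0_DOMAIN}/api/v2/users/${encodeURIComponent(claims.sub)}`,
    body: patch,
  };
}

// mgmtToken is obtained and kept server-side. `send` is fetch in production;
// it is injected here so the example runs offline.
function updateOwnProfile(claims, body, mgmtToken, send) {
  const req = buildProfileUpdate(claims, body);
  return send(req.url, {
    method: req.method,
    headers: { authorization: `Bearer ${mgmtToken}`, "content-type": "application/json" },
    body: JSON.stringify(req.body),
  });
}
```
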

According to Learn About Auth0's new Single Page Apps (SPA) JavaScript SDK:
"if you still use embedded login or need to call the management API or authentication API, you’ll want to stick with auth0.js."

Is it still ok to combine auth0-spa-js and management api?

I’ve been looking for the best way to create user initialized account linking combined with auth0-spa-js, but am still not sure. Is it management api? auth0-lock? auth0.js?

As I mentioned above, you will not want to use tokens for the Management API with auth0-spa-js, like Sam mentioned in the article.

Have you seen this doc for linking accounts from the client side? You can do it manually, with tokens with specific scopes intended for this purpose.

Thanks for the response Dan, sorry took so long to reply! What you said makes sense and I should be able to implement that without any kind of issue on the backend. I just wasn’t sure if there was any way the SPA-sdk could take care of this itself.


No problem! Thanks for the update.


We have created a FAQ related to this topic. Please check it out: How to Implement Client-Side User Initiated Account Linking