Hello @mike.benza welcome to the community!
It is possible to obtain a limited Management API token client side. If the access token is scoped properly (read only) then you shouldn’t need to worry about a user editing metadata, but it is still generally recommended to handle this server side.
The following FAQ outlines this exact scenario:
https://community.auth0.com/t/how-can-i-enable-users-to-change-their-email-address-from-a-spa-or-native-app/44064
Hope this helps!