I followed two very well-written quickstarts to let users log into the SPA and, after that, let them call an AWS Lambda-based API.
I created two separate auth0 apps (one for the M2M AWS JWT authorizer and one for the SPA) and one auth0 API that’s being used by the M2M auth0 app. I created an AWS API Gateway backed by Lambda functions that are authorized against auth0 using a custom authorizer.
I got to the point where users can log in, just to find out there probably seems to be a piece missing between my two auth0 apps. The user logs in, however, he’s not authorized to call the AWS API, because he was authorized by the auth0 SPA app, not the M2M one. That seems pretty obvious when I think about it.
I feel I must have taken a wrong turn along the way, because this seems like a pretty basic use case. How do I make these two work together?