How to call auth0 management API by using single page application access token

ambegave2 · March 29, 2021, 3:22am

Hello,

I am facing an issue while calling Auth0 API by using single page application access token which we get by using below
const token = await getAccessTokenSilently();

it says does not have required scope even though I have provided required scope in auth0provider like below
<Auth0Provider

domain="my domain"

clientId="my single page app id"

redirectUri={window.location.origin}

audience="https://my tanant/api/v2/"

scope="read:users read:user_idp_tokens" >

I am trying for this management API https://domain/api/v2/users-by-email

error:

{“statusCode”:403,“error”:“Forbidden”,“message”:“Insufficient scope, expected any of: read:users,read:user_idp_tokens”,“errorCode”:“insufficient_scope”}

in short how to call management API from our single page web application

please let me know any suggestion @konrad.sopala ++

Ale · March 29, 2021, 9:03am

Hey @ambegave2, Management API Tokens for SPAs have certain limitations. If you want to issue non-restricted Access Tokens because your use case requires it, the only secure solution would be to request them from a backend as documented on Get Management API Access Tokens for Production

I suggest you to take a look at: