This seems like a very, very basic question but I have been bashing my head against a brick wall with this for some time now.
I am creating a SPA with a NodeJS backend. I want the API backend to be able to make calls to the Auth0 management API (to do things like re-send verification emails, list users, etc etc).
I have created an Auth0 “Application” for the SPA frontend.
I have created an Auth0 “API” for the NodeJS backend.
(I do not understand the difference between an “application” and an “api”)
I am able to authenticate with the backend API from the SPA frontend.
However I am unable to authenticate with the Auth0 management API from the NodeJS backend API. I have tried using the node client auth0.ManagementClient
with the client id and secret of the backend API, but get an access_denied
error.
From what I can understand from the Auth0 management dashboard I get the impression you can only authenticate with the management API from another “application”, not from an “api”. I have successfully authenticated with the management api using the test “API Explorer Application”.
However when I go to set up an “application” for my backend API, none of the options available match what it is:
Should I be setting up the backend API as a machine to machine application? It is very definitely not a CLI. But neither is it a regular web application (which mentions redirects, which the API will definitely not do). And obviously it is not a SPA or Native application either.
I am completely confused as to which option I should be selecting to allow the backend API access to the management API. Please help!