Is it able to get management API access token and call management APIs via a React Native mobile application?

Hello, we plan to use Auth0 React Native SDK to implement the user login process for a mobile application. The login process, authentication and authorization seem to go well.

Now we are considering whether we can call Auth0 management APIs to modify user’s profile, or send extra verification emails to them. There seems no management API SDK for React Native. After reading some docs we think we should get management API access token first then use it to call APIs, and we’ve set up a machine-to-machine application for getting the access token.

But we are getting 401 responses when trying to get management API access tokens. Actually I start to think whether a mobile application is able to get a management API access token since it seems not to be secure enough, and maybe there’s a reason why there’s no no management API SDK for React Native, it looks only server side applications are supported.

So I’m bringing this topic here to ask for some help. Hope someone can tell me whether we can call Auth0 management APIs via a React Native mobile application, if the answer is YES, what are the correct steps to do that. Thanks a lot!

Hi @taojiez

Do NOT set up a client credentials flow in your Native application. With Client Credentials, you must store the client ID and secret in the native app, and this is not secure.

Instead, set up an API that the native app can call, and the API will use the client credentials grant. The native app should use an access token when calling the API.

John

2 Likes

Thanks @john.gateley
Got your idea and thanks for the detailed explanation. I think you’ve cleared my concern and question.

1 Like

We are here for you!