Is my application a SPA or Regular Web Application? (and the consequences)?

Hello, this is my first post.
I have read about Application Types and how it’s not recommended to put Management API Tokens on the front end of for example an SPA.

I think my application is a Singe Page Application (SPA), meaning that most of the application logic is on the client side. I also have a Server Folder with node.js files and modules where I currently have the auth0 authentication configured as a “Regular Web Application” using express.js.

1. I don’t know if that was the correct configuration method, I mean my front end is still considered to be a Singe Page Application (SPA) right? Even though I use an express.js server where I authenticated users. Is my application considered SPA because most of the application logic is on the front end and it loads all the client resources at once? Or can I use some routes on the same domain (currently localhost) using my express.js back-end and therefore safely use things like the Management API Token for letting users change user metadata. And it would be considered to have multiple pages?

2. I want to write code so that the user can change his own user metadata. In the case that my configuration (which is based on my understanding of application types), is correct, it means that I can follow the guide for getting the Management API Access Tokens for Regular Web Applications but if it’s not, then I would have to follow the SPA guide and it does not reccomend allowing users to change their metadata. Any other way around it like Registering a Machine-to-Machine Application would be very difficult for me as I am a Beginner Coder, I can’t find a video tutorial, haven’t ever created a CLIs or APIs really. I would need a guide specifically for creating that API for using it for that purpose, like how to connect that Machine-to-Machine application to the Regular one in order to get the Access Token on the Regular one. All of that doesn’t make sense to me.

What would be the easiest and correct way for me to move foward?

I am still learning to code, and this is my first back-end project. Please excuse me if I might have asked some basic things or if my questions don’t make any sense.

Hi @benjamin203,

Thanks for reaching out to the Auth0 Community!

You can check your application type in the application settings under Application Properties. Based on your tenant, I noticed that you’re using a Regular Web Application (RWA), not a Single Page Application (SPA).

Changing user_metadata is possible with both app types, but the process differs:

• RWA: Obtain an access token to update user_metadata via the Management API directly. See Call Your API Using the Client Credentials Flow.
• SPA: Specify the Management API as the audience to get an access token for this operation. See Get Management API Access Tokens for Single-Page Applications.

Ultimately, I recommend that you decide on one app type, either a SPA or RWA. For SPAs, consider using a Machine-to-Machine (M2M) application for backend requests that are beyond the scopes and endpoints defined here.

For further details, refer to:

• Applications in Auth0
• Confidential and Public Applications
• Get Management API Access Tokens for Production

Thanks,
Rueben