No problem, happy to help where I can, and thanks for sharing your code!
I think you might be confusing the 2 different approaches a bit - In your profile.js
I can see that you are using a client_id
of a SPA app which isn’t going to work as you can’t use the client_credentials
grant type because it is deemed a public application. I think where you might be going wrong here is that you haven’t created or aren’t using a separate Machine to Machine (M2M) app to proxy the request to the management API for you.
It depends on what information you need from the Management API that dictates which approach to take - If you just need info about the current user then setting the audience to your Management API along with the requisite scopes on the client side and using this Access Token will work. Alternatively, if you need to get all users (you mentioned this initially) you will need to go the 2nd route which includes having your backend communicate via M2M/Client Credentials Exchange with the Auth0 Management API.
Here’s additional thread that goes in to detail explaining this:
This can be super confusing but hope this helps to further clarify!