Issue when accessing Management API using getTokenSilently in auth0-spa-js


I am trying to use the following code in my application (I am using auth0-spa-js) to retrieve the full user profile of the logged-in user.

```javascript
const getUserMetadata = async () => {
  // Profile of the currently logged-in user (user.sub is the user id)
  const user = await auth0Client?.getUser();
  // Access token as returned by the SDK with its default options
  const accessToken = await auth0Client.getTokenSilently();
  const result = await fetch(
    "https://" + auth0Config.domain + "/api/v2/users/" + user.sub,
    {
      method: "GET",
      headers: {
        Authorization: "Bearer " + accessToken,
      },
    }
  );
  const data = await result.json();
};
```

The problem I am running into is that the fetch request is receiving a 400 error:

{"statusCode":400,"error":"Bad Request","message":"Bad HTTP authentication header format","errorCode":"Bearer"}

I am running the application on my localhost and have added http://localhost:3000 to the “Allowed Origins (CORS)” setting in the Applications configuration in Auth0.

When I try to check my token using a JWT decoder it has no payload and says the signature is invalid. Is this perhaps why the error above is occurring?

I meant to edit this before it posted, it’s a copy-paste of a ticket I’ve raised but following the recommendation to ask the community. I’m new to Auth0.

So please forgive the brevity of my question! I’m very grateful for anyone that can point me in the right direction :slight_smile:

By way of update, I have published my application to Netlify to test if it was a problem with running on localhost/http instead of https, and I am experiencing the same problems.
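
Added example, not part of the original post and not Auth0 SDK code: a small check that classifies whatever `getTokenSilently` returned (missing, opaque, malformed, or a JWT) and compares its `aud` claim with the API being called, before the token goes into an `Authorization` header. The function names and the `tenant.example` domain are hypothetical; the expected audience assumes the Management API identifier form `https://<domain>/api/v2/`, and the sample tokens are constructed.

```javascript
// Decode one base64url JWT segment to an object. Decoding only: no signature check.
function decodeSegment(seg) {
  const b64 = seg.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const raw = typeof atob === "function"
    ? atob(padded)                                       // browser, newer Node
    : Buffer.from(padded, "base64").toString("binary");  // older Node
  return JSON.parse(raw);
}

// Classify an access token before it is sent as a Bearer credential.
function inspectAccessToken(token, expectedAudience) {
  if (typeof token !== "string" || token.length === 0) {
    return { kind: "missing", usable: false };
  }
  const parts = token.split(".");
  if (parts.length !== 3) {
    // Not header.payload.signature: an opaque token, which a JWT decoder cannot read.
    return { kind: "opaque", usable: false };
  }
  let payload;
  try {
    decodeSegment(parts[0]);
    payload = decodeSegment(parts[1]);
  } catch (e) {
    return { kind: "malformed", usable: false };
  }
  const audiences = [].concat(payload.aud || []);
  const expired = typeof payload.exp === "number" && payload.exp * 1000 <= Date.now();
  return {
    kind: "jwt",
    audiences,
    scopes: String(payload.scope || "").split(" ").filter(Boolean),
    usable: audiences.includes(expectedAudience) && !expired,
  };
}

// Constructed sample tokens for an offline run (placeholder tenant, fake signature).
// The encoder uses Node's Buffer; in a browser, pass a real token instead.
const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const API = "https://tenant.example/api/v2/"; // assumed Management API audience form
const sampleJwt = [enc({ alg: "RS256", typ: "JWT" }),
  enc({ aud: [API], scope: "read:current_user", exp: 4102444800 }), "sig"].join(".");
const sampleOpaque = "kV3xConstructedOpaqueValue";
```

A result of `kind: "opaque"`, or a JWT whose `audiences` does not include the API's identifier, means the token was not issued for that API; the check says nothing about signature validity, which only the receiving API can establish.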