Most operations available in the Management API are meant to only be called from a back-end application because most of the endpoints allow for operations that you would not want a regular end-user to perform.
Due to the above, the approach to get an access token for the Management API and include those scopes is to perform a client credentials grant (https://auth0.com/docs/api/management/v2/get-access-tokens-for-production).
The client credentials grant is available only for confidential clients as those are able to maintain a secret and authenticate themselves in the token endpoint.
In conclusion, a React application (browser-based application so it’s considered a public client application) cannot perform a client credentials grant and as such won’t also be able to obtain a token with a scope such as
If you want to provide access to some of the features exposed by the Management API to a subset of your end-users then you’ll need to have your own backend in the middle, so the React application calls your backend, which authorizes the call in order to guarantee it comes from an authorized user, and then the backend calls the Management API.
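The backend-in-the-middle arrangement described above, as an added example that is not part of the original post and not Auth0's code. The tenant domain, environment variable names and the `admin:list-users` permission are constructed placeholders, and the user's token is assumed to have been signature-verified by upstream middleware that produces `userClaims`.

```javascript
// Added example. TENANT, the env names and the permission string are
// constructed placeholders. `userClaims` is assumed to come from middleware
// that already verified the user's token.
const TENANT = "example-tenant.example.com";
const REQUIRED = new Map([["listUsers", "admin:list-users"]]); // hypothetical

// Client credentials request the backend sends to the token endpoint.
// The client secret exists only in the backend's environment, never in the React bundle.
function managementTokenRequest(env) {
  return {
    url: `https://${TENANT}/oauth/token`,
    method: "POST",
    headers: { "content-type": "application/json" },
    body: JSON.stringify({
      grant_type: "client_credentials",
      client_id: env.MGMT_CLIENT_ID,
      client_secret: env.MGMT_CLIENT_SECRET,
      audience: `https://${TENANT}/api/v2/`,
    }),
  };
}

// Authorization decision the backend makes before touching the Management API.
function authorizeUserAction(userClaims, action) {
  if (!userClaims || !userClaims.sub) return { allowed: false, status: 401 };
  const perms = Array.isArray(userClaims.permissions) ? userClaims.permissions : [];
  const required = REQUIRED.get(action);
  if (!required || !perms.includes(required)) return { allowed: false, status: 403 };
  return { allowed: true, status: 200 };
}

// Handler behind the route the React app calls. `httpFetch` is injected
// (global fetch in production) so the flow can be exercised offline.
async function handleListUsers(userClaims, env, httpFetch) {
  const decision = authorizeUserAction(userClaims, "listUsers");
  if (!decision.allowed) return { status: decision.status, body: null };
  const { url, ...init } = managementTokenRequest(env);
  const tokenRes = await httpFetch(url, init);
  if (!tokenRes.ok) return { status: 502, body: null };
  const { access_token } = await tokenRes.json();
  const apiRes = await httpFetch(`https://${TENANT}/api/v2/users?fields=user_id,email`, {
    headers: { authorization: `Bearer ${access_token}` },
  });
  if (!apiRes.ok) return { status: 502, body: null };
  // Only the user list goes back to the browser; the Management API token stays server-side.
  return { status: 200, body: await apiRes.json() };
}
```

The browser only ever holds the end-user's own token; a request without the required permission is rejected before any Management API token is requested.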