Management API User Authentication

I want to let users modify their accounts using exclusively client-side code and JWTs. It seems the Management API is necessary, but I’m unclear on permissions.

Linking user accounts seems to be possible with simple user JWTs:

But in general, the documentation seems to say the Management API needs a special JWT that should be used server-side only.

For example, is there any way to let a user directly change their password using this endpoint, with their own JWT?

I tried, but get a “Bad audience” error.

Also, if I understand correctly, and certain parts of the Management API (such as post_identities) can use user tokens, but others require special server-only tokens (such as patching users), is this clearly specified somewhere?

Hey there!

Sorry for such a delay in response! We’re doing our best to provide the best developer support experience out there, but sometimes the number of incoming questions is just too big for our bandwidth. Sorry for the inconvenience!

Do you still require further assistance from us?