Auth0 Home Blog Docs

Management API User Authentication


#1

I want to let users modify their accounts using exclusively client-side code and JWTs. It seems the Management API is necessary, but I’m unclear on permissions.

Linking user accounts seems to be possible with simple user JWTs:

But in general, the documentation seems to say the Management API needs a special JWT that should be used server side only.

For example is there any way to let a user directly change their password using this endpoint, with their own JWT?


I tried, but get a “Bad audience” error.

Also, if I understand correctly, and certain parts of the Management API (such as post_identities) can use user tokens, but other require special server only tokens (such as patching users) is this clearly specified somewhere?