Management API with SPA + custom API

I am using React for my frontend and Node.js for my backend.
On frontend, I have protected routes based on the roles of the User. To get the roles, I need to call the management API and with SPA I need to do this from backend to prevent my credentials from leaking.

In my Node backend, I want to get access tokens for the Management API, but I can't use the client_credentials method as my application is a SPA and not Machine to Machine.

How can I get Management API Access Tokens from backend?

Hey there @chinmay.pant !

Have you considered adding roles to tokens? This is the standard approach.

You should be able to store client credentials safely in a node backend - Typically, any action using the Management API (except for a limited set of options) from a SPA should be proxied through a backend as outlined in the following FAQ:

Auth0 offers a Node Management Client library to handle getting, storing and using Management API access tokens.

Hope this helps!

Thanks @tyf. From the references you shared, I just figured out that the backend and frontend needn’t share the same application.

I created another M2M application for the backend and configured it through that. It's working like a charm now.

Just one more piece of advice I needed: should I get a new access token for every request?
Or should I use the fetched token until it expires?

No problem, I’m happy to help!

This is great news!

You should definitely use the same token until it’s expired and you need to request a new one.

Hope this helps!
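The advice above (reuse the Management API token until it expires), sketched as an added example that is not part of the original thread and is not Auth0's library code. The names `createManagementTokenCache`, `fakeTokenEndpoint` and `skewMs` are hypothetical, and `domain`, `clientId` and `clientSecret` stand for the M2M application's values.

```javascript
// Added example: caches a Management API token obtained by a backend M2M
// application via the client_credentials grant. All names are hypothetical.
function createManagementTokenCache({
  domain, clientId, clientSecret,          // placeholders for tenant values
  fetchFn = fetch, now = Date.now,         // injectable for offline tests
  skewMs = 60000,                          // refresh this long before expiry
}) {
  let cached = null;    // { token, expiresAt } of the last good response
  let inFlight = null;  // shared promise: concurrent callers trigger one request

  async function requestToken() {
    const res = await fetchFn(`https://${domain}/oauth/token`, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
        audience: `https://${domain}/api/v2/`,
      }),
    });
    if (!res.ok) throw new Error(`token request failed: HTTP ${res.status}`);
    const { access_token: token, expires_in: ttl } = await res.json();
    if (!token || !Number.isFinite(ttl)) throw new Error('malformed token response');
    cached = { token, expiresAt: now() + ttl * 1000 };
    return token;
  }

  return async function getToken() {
    if (cached && now() < cached.expiresAt - skewMs) return cached.token;
    // On failure nothing is cached, so the next call retries.
    if (!inFlight) inFlight = requestToken().finally(() => { inFlight = null; });
    return inFlight;
  };
}

// Constructed stand-in for the tenant's /oauth/token endpoint (no network).
function fakeTokenEndpoint(expiresIn) {
  let calls = 0;
  const fetchFn = async () => {
    calls += 1;
    const body = { access_token: `token-${calls}`, expires_in: expiresIn };
    return { ok: true, status: 200, json: async () => body };
  };
  return { fetchFn, calls: () => calls };
}
```

In a real backend the client secret would be read from the environment or a secrets manager, and the returned token stays server-side; the SPA only ever calls the backend.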
