I am using React for my frontend and Node.js for my Backend
On frontend, I have protected routes based on the roles of the User. To get the roles, I need to call the management API and with SPA I need to do this from backend to prevent my credentials from leaking.
In my Node backend, I want to get access tokens for management API but I cant use client_credentials method as my application is SPA and not Machine to Machine.
How can I get Management API Access Tokens from backend?
You should be able to store client credentials safely in a node backend - Typically, any action using the Management API (except for a limited set of options) from a SPA should be proxied through a backend as outlined in the following FAQ:
Auth0 offers a Node Management Client library handle getting, storing and using Management API access tokens.