Management API with SPA + custom API

Hey there @chinmay.pant !

Have you considered adding roles to tokens? This is the standard approach.

You should be able to store client credentials safely in a Node backend. Typically, any action using the Management API (except for a limited set of options) from a SPA should be proxied through a backend, as outlined in the following FAQ:

Auth0 offers a Node Management Client library to handle getting, storing and using Management API access tokens.

Hope this helps!
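The backend-proxy pattern from the reply above, as an added example (not part of the original post and not Auth0's library code): the backend checks a roles claim on the caller's already-verified token, then uses a cached client-credentials token to call the Management API. The claim name, the `admin` role, the `createMgmtProxy` helper and the tenant values are assumptions for illustration.

```javascript
// Added example: Management API proxy logic that lives only on the backend.
// Hypothetical names: ROLES_CLAIM, REQUIRED_ROLE, createMgmtProxy.
const ROLES_CLAIM = 'https://example.com/roles'; // assumed namespaced custom claim
const REQUIRED_ROLE = 'admin';                   // assumed role name

function createMgmtProxy({ domain, clientId, clientSecret, fetchImpl = fetch, now = Date.now }) {
  let cached = null; // { token, expiresAt } kept in backend memory only

  // Client-credentials grant: the client secret never reaches the SPA.
  async function getMgmtToken() {
    // Reuse the token until 60 s before expiry to avoid a request per call.
    if (cached && cached.expiresAt - 60_000 > now()) return cached.token;
    const res = await fetchImpl(`https://${domain}/oauth/token`, {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret,
        audience: `https://${domain}/api/v2/`,
      }),
    });
    if (!res.ok) throw new Error(`token request failed: ${res.status}`);
    const { access_token, expires_in } = await res.json();
    cached = { token: access_token, expiresAt: now() + expires_in * 1000 };
    return cached.token;
  }

  // `claims` must be the payload of an access token this API has already
  // verified (signature, issuer, audience, expiry); that step is assumed here.
  async function listUserRoles(claims, userId) {
    const roles = Array.isArray(claims[ROLES_CLAIM]) ? claims[ROLES_CLAIM] : [];
    if (!roles.includes(REQUIRED_ROLE)) {
      return { status: 403, body: { error: 'forbidden' } }; // no upstream call made
    }
    const token = await getMgmtToken();
    const res = await fetchImpl(
      `https://${domain}/api/v2/users/${encodeURIComponent(userId)}/roles`,
      { headers: { authorization: `Bearer ${token}` } });
    return { status: res.status, body: await res.json() };
  }

  return { getMgmtToken, listUserRoles };
}
```

The SPA only ever sends its own user access token to this backend; the Management API token is requested, cached and used server-side.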