You should be able to store client credentials safely in a node backend - Typically, any action using the Management API (except for a limited set of options) from a SPA should be proxied through a backend as outlined in the following FAQ:
Auth0 offers a Node Management Client library handle getting, storing and using Management API access tokens.