Hello, I’m currently using Auth0 for the first time as part of a small, amateur project. I am designing a React SPA, and have for the most part been following the Quickstart guide:
However, I have been having trouble following the docs/tutorials (primarily this page) for accessing and using the Management API, . Specifically, I have not been able to figure out how to retrieve a Management API Token. Where am I supposed to make the call to /authorize - or update an existing call in order to do this?
I know that I must be making a very simple, fundamental error, but any help would still be greatly appreciated. Thank you!
Hi Han.
In general, SPAs can not get a token for the management API v2, unless it’s for one of the scopes that affect the currently logged user (like read:current_user). This is further explained in this document: Get Management API Access Tokens for Single-Page Applications (the one you linked).
The /authorize request mentioned in the doc is the token request. In a SPA you would probably use something like auth0Client.loginWithPopup(params);, to present a popup for the user interaction (to avoid losing the state of the app). params would be an object where you’d have at least:
{
"audience":"https://your_auth0_domain/api/v2/",
"scope": "the desired scopes"
}
remember that an SPA would have the scope limited to those of the currently logged user. If you need more generic access, you’ll need to access it from a backend application that can execute a client-credentials flow to exchange a client ID and client secret for a token (as explained in https://auth0.com/docs/api/management/v2/tokens).