tyf
September 2, 2022, 7:22pm
6
Hey @wiley you’ll basically need to use some sort of a proxy to make calls to the management API on behalf of your SPA app. If using the front end directly, there are strict limitations as outlined in the article you posted. This is a security precaution given the fact that it’s in the context of a public application - The following resources should help:
Last Updated: Aug 8, 2024
Overview
This article provides details on how to enable users to change their email address from a SPA or native app.
Applies To
SPA
Native App
Email address
Solution
Public clients (like SPAs and native applications) are restricted from requesting tokens for the management API with the proper scopes for updating a user’s email. These types of applications are limited to a few specific scopes. Because of these limitations, email change requests from public clients m…
I am trying to get user metadata for a logged in user. Given that the login gives me an access token and not an id token. So I can’t add the user metadata that way and there does not seem to be a way to extend the information that is returned on the /userinfo API. I figure the only way to get the user metadata would be for the user to be able to use the Management API. So I attempted to use the access token to access the Management API and that is a no go. I am using the Auth0Client to do the …
No worries! Good to know that was helpful
You will need both - The SPA app configured in Auth0 will be specific to your React App/client side. On the other hand, you will have a M2M app configured in Auth0 specific to your own API/backend. The flow would look like this:
User logs in to your React/SPA app.
User goes to perform something (get all users for instance) that requires Management API use.
This is really where the magic happens - Instead of your React app communicating direct…
1 Like
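The proxy flow described in the post above, sketched as an added example (not part of the original post and not Auth0's own code). The backend holds the M2M credentials, validates the SPA user's access token, and takes the user id from the verified `sub` claim only. `createUserMetadataProxy`, `verifyAccessToken`, `fetchImpl` and `config` are hypothetical names, and the M2M app is assumed to be granted `read:users`.

```javascript
// Added example: backend proxy between a SPA and the Auth0 Management API.
// verifyAccessToken (hypothetical) must check signature, issuer, audience and
// expiry with a JWT library; fetchImpl is injected so the flow can be tested.
function createUserMetadataProxy({ verifyAccessToken, fetchImpl, config }) {
  let cached = null; // M2M token cache; it never leaves the server

  async function getManagementToken() {
    if (cached && cached.expiresAt > Date.now() + 60000) return cached.token;
    const res = await fetchImpl(`https://${config.domain}/oauth/token`, {
      method: "POST",
      headers: { "content-type": "application/json" },
      body: JSON.stringify({
        grant_type: "client_credentials",
        client_id: config.clientId,
        client_secret: config.clientSecret, // server-side secret only
        audience: `https://${config.domain}/api/v2/`,
      }),
    });
    if (!res.ok) throw new Error("management token request failed");
    const body = await res.json();
    cached = { token: body.access_token, expiresAt: Date.now() + body.expires_in * 1000 };
    return cached.token;
  }

  // Handles a request such as "GET /me/metadata" coming from the SPA.
  return async function handle(req) {
    const match = /^Bearer (.+)$/.exec(req.headers.authorization || "");
    if (!match) return { status: 401, body: { error: "missing bearer token" } };
    let claims;
    try {
      claims = await verifyAccessToken(match[1]);
    } catch (err) {
      return { status: 401, body: { error: "invalid token" } };
    }
    // The user id comes from the verified token, never from a request
    // parameter, so one user cannot read another user's record.
    const userId = encodeURIComponent(claims.sub);
    const url = `https://${config.domain}/api/v2/users/${userId}` +
      "?fields=user_metadata&include_fields=true";
    const mgmtToken = await getManagementToken();
    const res = await fetchImpl(url, { headers: { authorization: `Bearer ${mgmtToken}` } });
    if (!res.ok) return { status: 502, body: { error: "upstream error" } };
    const user = await res.json();
    // Return only the field the SPA needs, not the whole user object.
    return { status: 200, body: { user_metadata: user.user_metadata || {} } };
  };
}
```

Mount `handle` behind whatever HTTP framework the backend uses; the M2M client secret and Management API token stay on the server and are never sent to the browser.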