Auth0 Home Blog Docs

Non-interactive client vs regular client



Can we not use the same non-interactive client for both accessing Authentication API and Management API?

If not then why is it required to use separate clients for the two operations?


It depends; for the purposes of accessing the Management API is more useful to think about client applications able to perform client credentials grant (confidential clients) vs client application unable to do so (public clients).

The Authentication API has endpoints for all the grants so in order to execute a given grant all clients use the Authentication API. If the client in question then is a confidential client then that client can also access the Management API.

In conclusion, if the components/applications don’t have the same capabilities in terms of OAuth 2.0 grants that they can execute then they need to be represented by different client applications; when the components have the same capabilities then the need for different client applications is more subjective.