Auth0 Home Blog Docs

Should I share access_token with Javascript



I have a traditional ASP.NET MVC application that I have configured to authenticate users with Auth0. In that app, I am calling my own API that is also setup with authentication through Auth0. I also want to call that API from the in page javascript in my application. Can I ‘share’ my access token that I get back from the authentication with the javascript in my app and then call the API using that? Are there any security problems with that strategy?