Hey! I could definitely do with some “Developer Success” today … I’m working with an SPA that uses Auth0 for authentication and authorization (using Auth0.js) and I want to update the user’s image.
The only way to update the metadata of the currently logged in user is to use the Management API, right?
According to this doc Get Management API Access Tokens for Single-Page Applications I should be able to obtain an access token for the Management API by using the audience https://MY_DOMAIN/api/v2/
and the scope (in my case, update:current_user_metadata
).
After my user has logged in, I call webAuth.checkSession
with that audience and scope, but I get a consent_required
error. (I’m using lvh.me
as the domain and added it to the allowed web origins for my app.)
Am I missing something or is this expected behaviour?
Thanks!
Later Addition: I am able to get an access token for the Management API if I use the authorize
endpoint and then grant access in the popup. But I don’t want my users to see this dialogue, as it will be very confusing (“I should give access to WHAT to WHOM?!”). Can I skip consent or get the access token for the Management API when the user logs in? (I think the latter question was already answered several times in this community, and the answer is no …)