Auth0 Home Blog Docs

SPA with Auth0.js and Management API – consent required

Hey! I could definitely do with some “Developer Success” today … I’m working with an SPA that uses Auth0 for authentication and authorization (using Auth0.js) and I want to update the user’s image.

The only way to update the metadata of the currently logged in user is to use the Management API, right?

According to this doc I should be able to obtain an access token for the Management API by using the audience https://MY_DOMAIN/api/v2/ and the scope (in my case, update:current_user_metadata).

After my user has logged in, I call webAuth.checkSession with that audience and scope, but I get a consent_required error. (I’m using as the domain and added it to the allowed web origins for my app.)

Am I missing something or is this expected behaviour?


Later Addition: I am able to get an access token for the Management API if I use the authorize endpoint and then grant access in the popup. But I don’t want my users to see this dialogue, as it will be very confusing (“I should give access to WHAT to WHOM?!”). Can I skip consent or get the access token for the Management API when the user logs in? (I think the latter question was already answered several times in this community, and the answer is no …)

1 Like

same problem here exactly…