Auth0 Home Blog Docs

SPA with Auth0.js and Management API – consent required

Hey! I could definitely do with some “Developer Success” today … I’m working with an SPA that uses Auth0 for authentication and authorization (using Auth0.js) and I want to update the user’s image.

The only way to update the metadata of the currently logged in user is to use the Management API, right?

According to this doc https://auth0.com/docs/api/management/v2/get-access-tokens-for-spas I should be able to obtain an access token for the Management API by using the audience https://MY_DOMAIN/api/v2/ and the scope (in my case, update:current_user_metadata).

After my user has logged in, I call webAuth.checkSession with that audience and scope, but I get a consent_required error. (I’m using lvh.me as the domain and added it to the allowed web origins for my app.)

Am I missing something or is this expected behaviour?

Thanks!

Later Addition: I am able to get an access token for the Management API if I use the authorize endpoint and then grant access in the popup. But I don’t want my users to see this dialogue, as it will be very confusing (“I should give access to WHAT to WHOM?!”). Can I skip consent or get the access token for the Management API when the user logs in? (I think the latter question was already answered several times in this community, and the answer is no …)

1 Like

same problem here exactly…

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?

Hey Konrad, thanks for reaching out. Actually, we gave up on that issue because it wasn’t a priority, but some help would still be appreciated (especially seeing that other people have the same problem). Haven’t touched this in a while, but if you need more info, I can check.