I see in your code you have set the audience in your authorization request to audience: 'http://localhost:3000'. The audience parameter needs to be set to the target API; in this case, to call the Auth0 Management API, you should use audience: 'https://your-auth0-domain/api/v2/'.
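A way to check the point made above before calling the Management API, as an added example that is not part of the thread and is not Auth0's code: it decodes a JWT access token's claims and reports whether `aud` and `scope` match. The function names and the `tenant.example` domain are assumptions, the sample tokens are constructed, and the signature is not verified, so this is for debugging only.

```javascript
// Added example (Node.js). Decodes claims WITHOUT verifying the signature:
// use it to debug a 401, never to make an authorization decision.
function decodeClaims(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a three-part JWT (opaque token?)');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Hypothetical helper: does this token target https://{domain}/api/v2/
// and carry the scope the call needs?
function checkForManagementApi(jwt, domain, requiredScope) {
  const expectedAud = `https://${domain}/api/v2/`; // trailing slash matters
  const claims = decodeClaims(jwt);
  const audiences = [].concat(claims.aud || []);   // aud may be a string or an array
  const scopes = String(claims.scope || '').split(' ').filter(Boolean);
  const problems = [];
  if (!audiences.includes(expectedAud)) {
    problems.push(`aud is ${JSON.stringify(claims.aud)}, expected ${expectedAud}`);
  }
  if (!scopes.includes(requiredScope)) {
    problems.push(`scope ${requiredScope} not granted`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample tokens (fake signature) so the check runs offline.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'none', typ: 'JWT' })}.${enc(payload)}.constructed`;
}

const DOMAIN = 'tenant.example'; // placeholder tenant domain
const SCOPE = 'update:current_user_metadata';

// Token requested with the audience from the question: rejected by the Management API.
const wrongAudience = makeSampleToken({ aud: 'http://localhost:3000', scope: 'openid profile' });
// Token requested with the Management API audience and the scope.
const rightAudience = makeSampleToken({
  aud: [`https://${DOMAIN}/api/v2/`, `https://${DOMAIN}/userinfo`],
  scope: `openid profile ${SCOPE}`,
});

console.log(checkForManagementApi(wrongAudience, DOMAIN, SCOPE));
console.log(checkForManagementApi(rightAudience, DOMAIN, SCOPE));
```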
Same issue: would like my user to be able to update their preferences using the same token they use to access my api. Seems if they log on to my api, they can’t access the management api.
@dearwicker If we want to achieve this for multiple APIs, I believe the recommended approach would be to create a single API to represent all the individual APIs, and then control access to the individual APIs by assigning the appropriate scopes: Configure Logical API for Multiple APIs
Same issue here. Not sure why most things with Auth0 have to be so convoluted and complicated. I also wasn’t sure if this scope was needed when calling auth0.WebAuth: update:current_user_metadata.
Like most things in the documentation, it's just randomly mentioned on this page, but never fully explained: Auth0.js v9 Reference. Although it sounds self-explanatory, is it required? Can I update the user_metadata without providing that scope to auth0.WebAuth? This is what I'm talking about when I say everything is convoluted.
@kimcodes I did not understand the steps to follow.
I have an SPA that has audience set to a dotnet application (backend). I understand that I will now get 401 with the management API because the token is not valid for this.
I went ahead and created a new API application in the Dashboard and created a couple of scopes.
Then assigned each one of these scopes to each of the APIs (the app's API and the Management API).
I then updated the SPA to use the audience of the newly created API application.
For me the issue was a bad URL in the Auth0 doc example…
Just needed to change https://login.auth0.com/api/v2/users to https://{accountNamespace}/api/v2