Auth0 Home Blog Docs

Unauthorized, Bad audience for management api




My login method is following:

import auth0 from ‘auth0-js’;

const webAuth = new auth0.Authentication({
domain: ‘’,
clientID: ‘xxx’,
responseType: ‘token id_token’,
redirectUri: ‘http://localhost:3000/callback’,
audience: ‘http://localhost:3000

await webAuth.login({
username: this.formEmail,
password: this.formPassword,
realm: ‘Username-Password-Authentication’,
scope: ‘openid profile email app_metadata user_metadata update:users update:users_app_metadata’

I get a proper access_token.
I get: {“statusCode”:401,“error”:“Unauthorized”,“message”:“Bad audience: http://localhost:3000”}
when I call the management API with following.

const webAuth = new auth0.Management({
domain: ‘’,
token: localStorage.getItem(‘access_token’)

await webAuth.patchUserMetadata(userId, {
“name”: this.formName,
“nickname”: this.formNickname
}, (error, result) => {

There are no options to set audience on the Management API.


I see in your code you have set the audience in your authorization request to audience: ‘http://localhost:3000’. The audience parameter needs to be set to the target API, in this case of calling Auth0 management API you should use audience: 'https://your-auth0-domain/api/v2/˜' .

Please let me know if that helps.


I have already tried to set my authentication audience to that.
But then I can’t login, I get.

{"error":"invalid_request","error_description":"invalid audience specified for password grant exchange"}


Same issue: would like my user to be able to update their preferences using the same token they use to access my api. Seems if they log on to my api, they can’t access the management api.

How would single sign-on to multiple APIs work?