Hi @iJKTen,
Welcome to the Community!
It is possible to give a SPA access to certain scopes for the current user for the Management API, as described here: https://auth0.com/docs/tokens/management-api-access-tokens/get-management-api-tokens-for-single-page-applications#available-scopes-and-endpoints
Since you want to allow them to update a root attribute (nickname) instead of metadata plus look up other users, then you are correct that you’ll need to make the request via your server-side code as a machine-to-machine application.
Your M2M app will need to be authorized to use the read:users and update:users scopes:
Once your M2M app is authorized, you can request an Access Token using the client credentials flow:
```javascript
const axios = require("axios");
const { ManagementClient } = require("auth0");

// Fetch a Management API token and build the client with it
function init () {
  return getToken()
    .then(data => data.access_token)
    .then(token => {
      const managementClient = new ManagementClient({
        domain: `${process.env.CLIENT_DOMAIN}`,
        token,
        audience: `https://${process.env.CLIENT_DOMAIN}/api/v2/`
      });
      // set it so we can use it in our other methods
      this.managementClient = managementClient;
      return true;
    })
    // note: on failure the error is returned as the resolved value
    .catch(err => err);
}

// Request an Access Token with the client credentials grant
function getToken () {
  const clientId = process.env.CLIENT_ID;
  const clientSecret = process.env.CLIENT_SECRET;
  const url = `https://${process.env.CLIENT_DOMAIN}/oauth/token`;
  return axios
    .post(url, {
      client_id: clientId,
      client_secret: clientSecret,
      grant_type: "client_credentials",
      audience: `https://${process.env.CLIENT_DOMAIN}/api/v2/`
    })
    .then(res => res.data)
    .catch(err => err);
}
```
Once you have the Access Token, you can either use the Management API endpoints directly, or you can use the Management API Client node-auth0:
```javascript
// https://auth0.github.io/node-auth0/module-management.ManagementClient.html#getUsers
// Note: results are paginated
function getUsers (params) {
  return this.managementClient
    .getUsers(params)
    .then(users => users)
    .catch(err => err);
}

// https://auth0.github.io/node-auth0/module-management.ManagementClient.html#updateUser
function updateUser (userId, data) {
  const params = {id: userId};
  return this.managementClient
    .updateUser(params, data)
    .then(user => user)
    .catch(err => err);
}
```
This article provides an example of creating a module for the Management API client in a Node app (it’s specific to managing clients, but the code example can be adjusted for managing users): Overview of Auth0's Management API v2 to update client settings
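
An added example, not part of the original answer or of Auth0's code: an M2M token with update:users can modify any user, so the server endpoint the SPA calls has to pin the target to the caller's own validated `sub` and accept only `nickname`. The helper names, the length limit, the public-field allowlist and the stand-in client below are assumptions for illustration.

```javascript
const NICKNAME_MAX = 64; // assumed application limit
const PUBLIC_FIELDS = ["user_id", "nickname", "picture"]; // assumed allowlist

// Build updateUser() arguments for a self-service nickname change.
// `sub` must come from the caller's validated token, never from the request body.
function buildNicknameUpdate (sub, body) {
  if (typeof sub !== "string" || sub.length === 0) {
    throw new Error("unauthenticated");
  }
  const keys = Object.keys(body || {});
  if (keys.length !== 1 || keys[0] !== "nickname") {
    throw new Error("only nickname may be updated");
  }
  const nickname = typeof body.nickname === "string" ? body.nickname.trim() : "";
  if (nickname.length === 0 || nickname.length > NICKNAME_MAX) {
    throw new Error("invalid nickname");
  }
  return { params: { id: sub }, data: { nickname } };
}

// Reduce a Management API user object to fields safe to show other users.
function toPublicProfile (user) {
  const out = {};
  for (const field of PUBLIC_FIELDS) {
    if (user[field] !== undefined) out[field] = user[field];
  }
  return out;
}

// Handler core: `client` is any object exposing updateUser(params, data) => Promise.
async function updateOwnNickname (client, sub, body) {
  const { params, data } = buildNicknameUpdate(sub, body);
  const user = await client.updateUser(params, data);
  return toPublicProfile(user);
}

// Constructed stand-in for the management client so the example runs offline.
const fakeClient = {
  updateUser (params, data) {
    return Promise.resolve({
      user_id: params.id,
      nickname: data.nickname,
      email: "user@example.com",
      app_metadata: { role: "admin" }
    });
  }
};
```

The same `toPublicProfile` filter applies to the results of a user lookup before they are returned to the SPA.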