tyf
5
That is correct, Management API Tokens obtained directly through a SPA are limited in scope by design.
The most common way of going about this is using a backend to serve as proxy for the SPA making calls against the management API:
If you’re interested, here is an example of what this might look like in a Node backend - This extends our standard auth0-react sample app.
1 Like