Using Custom API with Permission getting "Unauthorized"

ty.frith · January 24, 2024, 11:08pm

That is correct, Management API Tokens obtained directly through a SPA are limited in scope by design.

The most common way of going about this is using a backend to serve as proxy for the SPA making calls against the management API:

If you’re interested, here is an example of what this might look like in a Node backend - This extends our standard auth0-react sample app.

Topic		Replies	Views
Unauthorized, Bad audience for management api Get Help management-api , auth0js	10	21748	September 9, 2019
401 "Bad audience:' when trying to access Management API Get Help management-api	19	20537	October 5, 2022
Create a permission using a API Get Help management-api , resource-servers	5	798	December 19, 2023
Getting Bad Audience while calling Custom API for Auth0 User Management Get Help auth0 , api , management-api , audience	7	8601	June 30, 2021
Receiving 401 for "Bad audience" when attempting to get a user Get Help management-api , users	4	854	July 6, 2023