I have a React application and a Custom API. I’m using the Implicit Flow, as explained in the SPA Quickstart (Auth0 React SDK Quickstarts: Login) to get an access_token and then I use it to make requests to my API. So far, everything is working as expected.
However, when I use this same token with the Auth0 Management API (for example, for editing the current user), I get a 401 error, saying “Bad audience”.
Does this mean I cannot use the same token from my API with the Auth0 Management API? If not, how do I get a token that I can use for both APIs?
Take a look at this FAQ. It has some resources explaining how to use multiple scopes to accomplish this goal. There is an example linked at the bottom of the Scopes doc if you would like to see how that works.
Otherwise you will want to get a management API access token.
You could also make the call from your backend API.
The fact is that I thought there was a way to use the same token I get from my API to make changes in the Auth0 Management API. Apparently, there is not; so I’ll need to implement the call from my backend.
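The “Bad audience” rejection discussed in this thread, as an added example that is not part of the original posts and not Auth0's own code: it mirrors the `aud` check a resource server applies to an access token. The identifiers `my-api.example.com` and `tenant.example.com`, the helper names and the sample token are constructed assumptions.

```javascript
// Added example: claim inspection only. A real API must verify the token
// signature (for example against the issuer's JWKS) before trusting any claim.

// Decode the payload segment of a JWT without verifying it.
function decodePayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('not a JWT: expected 3 segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Mirror the audience check a resource server applies: "aud" may be a
// single string or an array, and the API's own identifier must be in it.
function checkAudience(token, expectedAudience) {
  let claims;
  try {
    claims = decodePayload(token);
  } catch (err) {
    return { status: 401, error: 'Malformed token' };
  }
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expectedAudience)) {
    return { status: 401, error: 'Bad audience' };
  }
  return { status: 200, error: null };
}

// Constructed sample token (placeholder signature, hypothetical identifiers).
function makeSampleToken(aud) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const payload = { sub: 'auth0|constructed', aud };
  return [enc({ alg: 'RS256', typ: 'JWT' }), enc(payload), 'sig'].join('.');
}

const MY_API = 'https://my-api.example.com';           // hypothetical API identifier
const MGMT_API = 'https://tenant.example.com/api/v2/'; // hypothetical tenant domain

// Token as issued to the SPA for the custom API.
const spaToken = makeSampleToken([MY_API, 'https://tenant.example.com/userinfo']);

console.log(checkAudience(spaToken, MY_API));   // accepted by the custom API
console.log(checkAudience(spaToken, MGMT_API)); // rejected: Bad audience
```

Because each API accepts only tokens whose `aud` names it, a token issued for the custom API cannot be replayed against the Management API, which is why the call has to go through a separately issued Management API token or the backend.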