For some parts of our application I’d like to display a list of users which may or may not include the current logged-in user (think e.g. a team list). I would like to also grab Auth0’s avatars for this list of users to be able to display them on the front-end. What’s the recommended way of doing this?
I’m also not sure whether the Management API is meant to be used this way (i.e. as a bulk data retrieval point by untrusted front-ends). The whole way that tokens are retrieved and used leads me to suspect that the Management API is never meant to be directly hit by an end-user front-end.
Is there a better way of doing this?