0
votes

I am building an SPA which has to access the User Management API directly and also needs to authorize a custom API.

The library I use is auth0-js.

According to the document, if I want to access the User Management API, I have to get the accessToken first by reaching the /authorize endpoint which is provided by auth0.

Also I have to provide a specific string to the audience parameter for that.

And if I want to authorize an additional custom API, I have to reach the /authorize endpoint again, providing a different set of params including audience, to get a different access token.

Is there any easy way for me to enter the /authorize endpoint one time and get an access token that can be used for both the User Management API and my custom API? Thanks...

1 Answer

0
votes

You should not be getting an access token for Management APIv2 via Implicit grant flow used in SPAs. Only authorized non-interactive applications/clients should be used to get a Management APIv2 access token and the request should be initiated from a secure server and not from the browser. This is the recommended approach to receive a secure token for an API. You can read the guide on this here.

You can get a Management APIv2 token using Client Credentials grant using your own server, or depending on the use-case, request it via Auth0 Rules (which run after user authentication) and call the Management APIv2 endpoints in there in a secured Webtask container. You can read more about it here.
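
The server-side Client Credentials request described in the answer above, as an added example that is not part of the original answer. The tenant domain, client id and secret are placeholders, and the function names `buildTokenRequest` and `createTokenProvider` are hypothetical; the code is meant for a backend (Node 18+), so the client secret and the Management API token never reach the browser.

```javascript
// Added example: runs on your own server, never in the SPA bundle.
// All config values are placeholders; function names are hypothetical.

// Build the Client Credentials request for the tenant's /oauth/token endpoint.
function buildTokenRequest({ domain, clientId, clientSecret }) {
  return {
    url: `https://${domain}/oauth/token`,
    options: {
      method: 'POST',
      headers: { 'content-type': 'application/json' },
      body: JSON.stringify({
        grant_type: 'client_credentials',
        client_id: clientId,
        client_secret: clientSecret, // load from server-side secret storage
        audience: `https://${domain}/api/v2/`, // Management API v2 identifier
      }),
    },
  };
}

// Returns an async getter that caches the token in server memory and
// refreshes it 60 seconds before expiry. fetchImpl and now are injectable
// so the logic can be exercised without network access.
function createTokenProvider(cfg, fetchImpl = globalThis.fetch, now = Date.now) {
  let cached = null; // { token, expiresAt } held only on the server
  return async function getManagementToken() {
    if (cached && now() < cached.expiresAt - 60000) return cached.token;
    const { url, options } = buildTokenRequest(cfg);
    const res = await fetchImpl(url, options);
    if (!res.ok) throw new Error(`token request failed: ${res.status}`);
    const { access_token, expires_in } = await res.json();
    cached = { token: access_token, expiresAt: now() + expires_in * 1000 };
    return access_token;
  };
}
```

The SPA then calls a narrow endpoint on this server, authorized with the access token for the custom API, and the server performs the Management API call on the user's behalf.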