Reputation: 179
Upon signup, Auth0 automatically sends a verification email, but what I am trying to implement is a Resend Email Verification button in the frontend application, which will request Auth0 to resend the verification email (in case the user loses the previous verification email).
I figured out that I need to call this API in the Auth0 Management API, which needs the scope update:users, but the accessToken I got from Auth0 only has the openid, users and email scopes.
So the question is:
If not, what might be the best approach?
Upvotes: 0
Views: 626
Reputation: 668
I am posting my response from the Auth0 community forum here for the visibility of future users. Thanks for the follow-up, Robin!
You don’t want to give front end application tokens with general scopes for the Management API. If you let that user have a token to update:users, then they will be able to update any user in your DB.
You will want to make that request from a trusted application like a backend. An M2M application would work in this case. You can then make a client credentials grant request with the client secret and get a token to interact with the Management API.
Upvotes: 3
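The backend flow described in the answer, as an added example that is not part of the original posts or Auth0's own code: the backend obtains a Management API token with the client credentials grant and requests a verification email only for the user named in the caller's already-validated token. The tenant domain, credentials and the `/resend-verification` route name are placeholders, and token validation is assumed to happen before the handler runs; `/oauth/token` and `/api/v2/jobs/verification-email` are Auth0's endpoints.

```python
import json
import urllib.request

# Placeholders (assumptions, not from the post); load from server-side config.
AUTH0_DOMAIN = "YOUR_TENANT.auth0.com"
M2M_CLIENT_ID = "YOUR_M2M_CLIENT_ID"
M2M_CLIENT_SECRET = "YOUR_M2M_CLIENT_SECRET"


def http_post_json(url, body, headers=None):
    """POST a JSON body and return the decoded JSON response."""
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=hdrs, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())


def get_management_token(post=http_post_json):
    """Client credentials grant; secret and token never leave the backend."""
    resp = post(f"https://{AUTH0_DOMAIN}/oauth/token", {
        "grant_type": "client_credentials",
        "client_id": M2M_CLIENT_ID,
        "client_secret": M2M_CLIENT_SECRET,
        "audience": f"https://{AUTH0_DOMAIN}/api/v2/",
    })
    return resp["access_token"]


def resend_verification_email(verified_claims, post=http_post_json):
    """Body of a hypothetical POST /resend-verification backend route.

    verified_claims: claims of the caller's own token, after the backend has
    validated its signature, issuer, audience and expiry.
    """
    user_id = verified_claims.get("sub")
    if not user_id:
        raise PermissionError("no authenticated subject")
    # The target comes from the validated token, never from the request body,
    # so a caller can only trigger an email for their own account.
    token = get_management_token(post)
    return post(
        f"https://{AUTH0_DOMAIN}/api/v2/jobs/verification-email",
        {"user_id": user_id},
        headers={"Authorization": f"Bearer {token}"},
    )
```

In a real deployment, cache the management token until it expires and rate-limit the route so it cannot be used to flood a mailbox.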