Access Denied when trying to use api.user.setAppMetadata

Following: Manage User Metadata with the post-login Action Trigger

We have an action that runs at post-login.

Everything works as expected except a call to api.user.setAppMetadata("key", "value"); causes the following error:

    "error": {
      "message": "user update failed: %!w(<nil>)",
      "oauthError": "access_denied",
      "type": "oauth-authorization"

Removing the call to api.user.setAppMetadata("key", "value"); and redeploying the action causes the issue to go away.

Is there a specific permission necessary for this? I could not find anything in the documentation.

Hi @jrmcpeek,

I can help you with this. I’d like to try and reproduce the error. Can you please provide the code you are using in the Action, and any other info unique to your setup? Thank you!

The following should cause it, as part of a post-login Auth0 Action:

exports.onExecutePostLogin = async (event, api) => {
  /* some long-running action on an external service */
  const output = "";

  api.user.setAppMetadata("email", output);

No special or unique settings for the tenant that I am aware of. Happens both in a free-tier dev tenant as well as a paid production tenant.

Thanks for the added info.

It looks like email is a protected field in the app_metadata property. All of the restricted fields are listed here: Metadata Field Names and Data Types

Let me know if you have any questions!

Easy enough to fix. It would be good if the error message was de-mangled to provide that information in the log :blush:


1 Like

I couldn’t agree more! I am going to let our engineering team know about that error. Thanks for your patience.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.