Add app_metadata on user registration?

connorff · March 9, 2020, 3:33am

I am trying to create a user via a POST request with Python. The user is created and all of the user’s data is correct except the app_metadata is missing. I am wondering if I am using the API incorrectly or if it is even possible to add app_metadata on user registration. If there are any alternate ways to add app_metadata through Python I would love to know those as well! Here is the current code for the request:

import http.client

conn = http.client.HTTPSConnection("_____.auth0.com")

payload = "{\"client_id\": \"<client_id>\",\"email\": \"<email>\",\"password\": \"<password>\",\"connection\": \"Username-Password-Authentication\",\"name\": \"Test User\", \"app_metadata\": {\"<custom_field>\": \"6\"}}"

headers = { 'content-type': "application/json" }

conn.request("POST", "/dbconnections/signup", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))

rashid779939 · March 9, 2020, 7:41am

Hi @connorff,

Welcome to the Community!

As per API documentation it shouldn’t behave like this. But you can update user_metadata any time. Please refer to below post:

Modify user_metadata with access token

mathiasconradt · March 9, 2020, 8:36am

As @rashid779939 said, with the Authentication API you can only set the user_metadata.

If you need to set app_metadata, that would need to be done via Management API (which is never called on behalf of an end user but of an administrator). Note though that you could also consider setting the app_metadata in a post-user-registration hook.

It depends on the use case and business logic which field makes most sense to you.

See the difference here:

User metadata : stores user attributes such as preferences that do not impact a user’s core functionality. Logged in users can edit their data stored in user_metadata if you build a form for them using the Management API PATCH endpoint with the scope update:current_user_metadata .

App metadata : stores information (such as, support plan subscriptions, security roles, or access control groups) that can impact a user’s core functionality, such as how an application functions or what the user can access. Data stored in app_metadata cannot be edited by users. See App metadata restrictions for what cannot be stored in this field.

konrad.sopala · March 9, 2020, 10:41am

Thanks for sharing that knowledge @rashid779939!

connorff · March 9, 2020, 1:58pm

Thank you @rashid779939 ! That information is very helpful

konrad.sopala · March 9, 2020, 2:50pm

Love the collaboration spirit!

system · March 24, 2020, 2:57pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.