Allowing user to update user_metadata - After updating, call to userInfo does not contain changes

userinfo
management-api
auth0js
user-metadata
#1

Hi All. I’m using auth0.js in a single page application. I’m able to allow the user to update their own user_metadata via the Management API, and I can verify that the user_metadata is updated by manually logging into auth0.com and looking at the user’s profile.

The issue I am having is showing the user their changes (my app has a ‘profile’ section where the user can view various things, including what is in their user_metadata).

After I call patchUserMetadata() and it returns successfully, I call auth0.client.userInfo() and what I thought would happen, is that the call to userInfo after patchUserMetadata would return a result that contains new, updated user_metadata, but it does not. Why?

What I think is happening is this:
When the user first authenticates, I have my `WebAuth` set up like…

auth0 = new auth0.WebAuth({
    clientID: MY_CLIENT_ID,
    domain: MY_DOMAIN,
    responseType: 'token id_token',
    audience: MY_AUDIENCE,
    redirectUri: MY_REDIRECT_URI,
    scope: MY_SCOPES,
    leeway: 30
  });

However, when the user goes to update their metadata, I do this…

this.auth0.checkSession(
    {
      audience: `https://MY_DOMAIN/api/v2/`,
      scope: 'read:current_user update:current_user_metadata',
      redirectUri: MY_REDIRECT_URI
    }, (err, result) => {
      if (err) return; // no Management API token was issued

      var auth0Manage = new auth0.Management({
        domain: MY_DOMAIN,
        token: result.accessToken
      });

      // Call to auth0Manage.patchUserMetadata()
      // Call to this.auth0.userInfo if patch was successful
    });

Is the issue because I did a checkSession() and changed the audience?

Do I have to call checkSession() a second time - after patchUserMetadata() - with the original parameters???

I tried calling checkSession() a second time, with the original parameters, then calling userInfo, and it works. However that doesn’t seem like that’s the correct thing to do/seems a little hacky to me. I feel like there’s probably something I’m missing.

Any help would be excellent!

#2

An Auth0 engineer (or just anyone who knows more than me!) would be the best person to answer this but this may be normal. If you are calling auth0.client.userInfo() more or less immediately after the patchUserMetadata(), it could be an indexing delay. I’m pretty sure the data stored in Auth0 is of the ‘eventually consistent’ kind.

If you wait a bit and then call patchUserMetadata(), does the new data appear?

#3

I see what you’re saying, but I’m not calling userInfo() immediately after patchUserMetadata(). patchUserMetadata has a callback. I make the call to userInfo in the callback. The callback isn’t triggered until patchUserMetadata is complete, so I would think that all is good by the time I’m in the callback. However you still may be correct? Not sure. I’ll have to do some more testing. Maybe add a sleep in the callback before the call to userInfo(), although that seems hacky too. Here is the code, since I didn’t post it earlier:

auth0Manage.patchUserMetadata(this.userInfo.sub, JSON.parse(metaDataStr), (err, info) => {
    if (err) return; // patch failed, nothing new to read

    // Access token previously saved in localStorage
    const accessToken = localStorage.getItem('access_token');

    this.auth0.client.userInfo(accessToken, (err, info) => {
        if (info) {
            this.userInfo = info;
            this.user_metadata = this.userInfo['https://[redacted]/user_metadata'];  // Does not contain changes made by patchUserMetadata
        }
    });
});

#4

Not sure if this helps: The docs for the /userinfo endpoint seem to indicate that the data returned will be a ‘snapshot of the value at the time of login’ and that ‘To access the most up-to-date values … you must get new tokens’

#5

That does help! Thank you! Certainly makes it more clear what my issue is. I need new tokens. What I want confirmation on (hopefully from one of the Auth0 engineers) is: Am I getting new tokens the correct way, as explained in my original post? Is calling checkSession() with certain parameters to set up/use the management API, then calling checkSession() yet again to get new tokens the right way to approach this?

And a follow up question (if what I am doing above is in fact correct):

  1. Why can’t we just provide scopes upon initial authentication to allow the user to update their user_metadata? Why do we need the Management API to update user_metadata? Being permitted to update user_metadata by scopes only would prevent the one checkSession() call to switch to the Management API. You would only need to call checkSession() once to renew the tokens.
#6

anybody? anyone? bump bump bumpity bump to the top

#7

Hi @rhino5oh,

I’m afraid the answer to your questions is a bit beyond my ken. Hopefully someone else can lend a hand.

#8

Still hoping for confirmation. As I mentioned, what I did seems to work, it just seems a bit wonky:

user authenticates off the bat, then I have to switch to Management API via checkSession to make changes to user_metadata, then I need to checkSession again right after to be in a state where I’ll get updated user_metadata.
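
Added example, not part of any post in this thread and not Auth0's own code: the sequence the original poster reports working (Management API token, patch, then a second checkSession() with the application's parameters before userInfo()), written out in JavaScript. `patchAndRefreshProfile`, `call` and `makeStubTenant` are hypothetical names, and the stub tenant is constructed to model only the snapshot behaviour quoted in post #4.

```javascript
// Wrap an auth0.js callback-style method in a Promise.
const call = (obj, method, ...args) =>
  new Promise((resolve, reject) =>
    obj[method](...args, (err, res) => (err ? reject(err) : resolve(res))));

// Patch user_metadata, then renew the application tokens before reading /userinfo.
async function patchAndRefreshProfile({ webAuth, Management, domain, appAudience,
                                        appScope, redirectUri, userId, metadata }) {
  // 1. Management API token limited to the current user's own metadata.
  const mgmt = await call(webAuth, 'checkSession', {
    audience: `https://${domain}/api/v2/`,
    scope: 'read:current_user update:current_user_metadata',
    redirectUri,
  });
  const manage = new Management({ domain, token: mgmt.accessToken });
  await call(manage, 'patchUserMetadata', userId, metadata);

  // 2. New tokens for the app's own audience (the original login parameters).
  const app = await call(webAuth, 'checkSession', {
    audience: appAudience, scope: appScope, redirectUri,
  });
  // 3. Read the profile with the new token, not one cached before the patch.
  const profile = await call(webAuth.client, 'userInfo', app.accessToken);
  return { profile, accessToken: app.accessToken };
}

// Constructed stand-in for a tenant (assumption): each token snapshots the
// metadata present when checkSession issued it, as post #4 quotes from the docs.
function makeStubTenant(initial) {
  let stored = { ...initial };
  let issued = 0;
  const snapshots = new Map();
  const webAuth = {
    checkSession(options, cb) {
      const accessToken = `constructed-token-${++issued}`;
      snapshots.set(accessToken, { ...stored });
      cb(null, { accessToken });
    },
    client: {
      userInfo(token, cb) { cb(null, { user_metadata: snapshots.get(token) }); },
    },
  };
  class Management {
    patchUserMetadata(userId, md, cb) { stored = { ...stored, ...md }; cb(null, stored); }
  }
  return { webAuth, Management };
}
```

With the real library, pass an `auth0.WebAuth` instance and `auth0.Management` in place of the stubs; the Management API token stays in a local variable and is never written to storage.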