I have an issue with role-based access control using auth0-spa-js. I am trying to consume the Auth0 Management APIs for Users that need scope access.

    scopes = "openid profile email update:users update:users_app_metadata update:current_user_metadata delete:current_user delete:users"

    this.auth0Client = await createAuth0Client({
      domain: this.domain,
      client_id: this.client_id,
      audience: this.audience,
      redirect_uri: `${window.location.origin}/callback`,
      scope: this.scopes
    });

In my service, I have created updateUser():

    async updateUser(userId, data) {
      var options: GetTokenSilentlyOptions = {
        scope: this.authService.scopes,
        audience: this.authService.audience,
        ignoreCache: false
      }
      const client = await this.authService.getAuth0Client();
      const token = await client.getTokenSilently(options);
      return this.http.patch(this.authService.audience + "users/" + userId, data, {
        headers: {
          Authorization: `Bearer ${token}`
        }
      })
        .toPromise();
    }

I am trying to update or delete user data. It gives the response insufficient_scope:
{"statusCode":403,"error":"Forbidden","message":"You cannot update the following fields: name, nickname","errorCode":"insufficient_scope"}
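
A diagnostic for the `insufficient_scope` response above, added here and not part of the original post: it decodes the access token's payload and lists which requested scopes are absent from its `scope` claim, since an authorization server may grant fewer scopes than were requested. The helper names, the sample token and the `tenant.example` audience are constructed for illustration.

```javascript
// Added example: debugging aid only. The payload is decoded WITHOUT signature
// verification, so never use this result for an authorization decision.

// Decode one base64url JWT segment to a UTF-8 string (browser and Node 16+).
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

function decodeJwtPayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) {
    throw new Error("not a three-part JWT; opaque tokens cannot be inspected");
  }
  return JSON.parse(base64UrlDecode(parts[1]));
}

// Compare the space-separated scopes that were requested with the `scope`
// claim the authorization server actually put in the access token.
function compareScopes(requested, token) {
  const payload = decodeJwtPayload(token);
  const granted = new Set(String(payload.scope || "").split(/\s+/).filter(Boolean));
  const wanted = requested.split(/\s+/).filter(Boolean);
  return {
    audience: payload.aud,
    granted: [...granted],
    missing: wanted.filter((s) => !granted.has(s)),
  };
}

// Constructed sample token (placeholder audience, fake signature).
function makeSampleToken(payload) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return [enc({ alg: "RS256", typ: "JWT" }), enc(payload), "constructed-signature"].join(".");
}

const requestedScopes =
  "openid profile email update:users update:users_app_metadata " +
  "update:current_user_metadata delete:current_user delete:users";
const sampleToken = makeSampleToken({
  aud: "https://tenant.example/api/v2/",
  scope: "openid profile email update:current_user_metadata",
});
console.log(compareScopes(requestedScopes, sampleToken));
```

In the service above, the same check would be `compareScopes(this.authService.scopes, token)` on the value returned by `getTokenSilently`, before the PATCH request is sent.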