Assign role to multiple users in Postman Results on 403

Bruni-WanKenobi · February 7, 2024, 2:57pm

Hey Fam,

I am trying to assign a new role to all existing users. We have a couple of thousand of users. I tried the approach shared here How to Bulk Add Role to Multiple Users by lihua.zhang.

However, I am receiving a 403 stating when attempting the suggested steps inside of Postman.

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "Insufficient scope, expected any of: update:roles,create:role_members",
    "errorCode": "insufficient_scope"
}

I am using the management API so I should have update:roles,create:role_members
I also tried creating a specific API with these permissions.

POST 
URL https://domain.us.auth0.com/api/v2/roles/ROLE_ID/users
Body: {
    "users": [
        "auth0|USER_ID_ONE",
        "auth0|USER_ID_TWO"
    ]
}

I retrieved a list of users from the Get Users and I am planning on referencing this list inside the user’s array.

Any idea what is causing the 403 and how I can go about adding the role for my users?

Thanks in advance.

tyf · February 7, 2024, 10:57pm

Hello there @Bruni-WanKenobi welcome to the community!

This error is typically spot on in that the management API access token you are using against the API doesn’t have the required scopes - You can inspect the token you are attempting to use at jwt.io to be sure.

Bruni-WanKenobi · February 8, 2024, 2:39pm

Thank you @tyf I am copying the token directly from the API Management Test tab under the Asking Auth0 for tokens from my application.

When I inspect the token this is what I got.

{
  "iss": "https://domain.us.auth0.com/",
  "sub": "DVTvP55555wN5555555555@clients",
  "aud": "https://domain.us.auth0.com/api/v2/",
  "iat": sdsdsd,
  "exp": sdsdsds,
  "azp": "sdsdsd",
  "scope": "read:users update:users create:users read:users_app_metadata update:users_app_metadata create:user_tickets read:connections update:connections create:connections update:roles create:role_members",
  "gty": "client-credentials"
}

It could be that my Collection in Postman had cached an erroneous bearer token. After I confirmed that the role was there I killed its service and tried again again and I was able to add the new role for a test group of users. Thank you for the help!

tyf · February 8, 2024, 11:41pm

Happy to help, and thanks for sharing your findings here!

system · February 22, 2024, 11:41pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ManagementClient assignRolestoUser fails with Bad Request Invalid request payload input Help roles	2	2587	May 25, 2022
Need a better approach to handle roles, permissions and calling Management API from the frontend Help management-api , roles	0	480	November 22, 2023
Add roles to the user from within the rules Help jwt , roles	3	3676	January 8, 2024
Assigning default role(s) to new users Help auth0 , roles	10	16969	July 19, 2019
Help, Managnment API, set role for a user report 400 error Help management-api , roles	4	115	July 5, 2024

Assign role to multiple users in Postman Results on 403

Related Topics