Assign role to multiple users in Postman Results on 403

Hey Fam,

I am trying to assign a new role to all existing users. We have a couple of thousand users. I tried the approach shared here: "How to Bulk Add Role to Multiple Users" by lihua.zhang.

However, I am receiving a 403 when attempting the suggested steps inside of Postman:

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "Insufficient scope, expected any of: update:roles,create:role_members",
    "errorCode": "insufficient_scope"
}
  • I am using the management API so I should have update:roles,create:role_members

  • I also tried creating a specific API with these permissions.

POST 
URL https://domain.us.auth0.com/api/v2/roles/ROLE_ID/users
Body: {
    "users": [
        "auth0|USER_ID_ONE",
        "auth0|USER_ID_TWO"
    ]
}

I retrieved a list of users from the Get Users endpoint and I am planning on referencing this list inside the users array.

Any idea what is causing the 403 and how I can go about adding the role for my users?

Thanks in advance.

Hello there @Bruni-WanKenobi, welcome to the community!

This error is typically spot on in that the management API access token you are using against the API doesn’t have the required scopes. You can inspect the token you are attempting to use at jwt.io to be sure.


Thank you @tyf. I am copying the token directly from the API Management Test tab under "Asking Auth0 for tokens from my application".

When I inspect the token this is what I got.

{
  "iss": "https://domain.us.auth0.com/",
  "sub": "DVTvP55555wN5555555555@clients",
  "aud": "https://domain.us.auth0.com/api/v2/",
  "iat": sdsdsd,
  "exp": sdsdsds,
  "azp": "sdsdsd",
  "scope": "read:users update:users create:users read:users_app_metadata update:users_app_metadata create:user_tickets read:connections update:connections create:connections update:roles create:role_members",
  "gty": "client-credentials"
}

It could be that my Collection in Postman had cached an erroneous bearer token. After I confirmed that the role was there, I killed its service and tried again, and I was able to add the new role for a test group of users. Thank you for the help!

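The scope check discussed in the posts above can be run locally on the token the request actually sent, which is what separates a stale cached bearer token from a freshly issued one. This is an added example, not code from the thread or from Auth0: it decodes the payload without verifying the signature and compares the `scope` claim with the list in the 403 body. The helper `makeSampleToken`, both sample tokens and the clock value are constructed for illustration.

```javascript
// Added example (not from the thread). Inspection only: no signature check.
function decodeJwtPayload(token) {
  const parts = token.trim().replace(/^Bearer\s+/i, '').split('.');
  if (parts.length !== 3) throw new Error('expected a compact JWT with 3 segments');
  const b64 = parts[1].replace(/-/g, '+').replace(/_/g, '/');
  return JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
}

// Pull the scope list out of "Insufficient scope, expected any of: a,b".
function expectedScopes(errorBody) {
  const m = /expected any of:\s*(.+)$/.exec(errorBody.message || '');
  return m ? m[1].split(',').map((s) => s.trim()).filter(Boolean) : [];
}

// Compare the token that was actually sent against the 403 body.
function diagnose(sentToken, errorBody, audience, nowSec) {
  const claims = decodeJwtPayload(sentToken);
  const granted = new Set(String(claims.scope || '').split(/\s+/).filter(Boolean));
  const wanted = expectedScopes(errorBody);
  return {
    wanted,
    matched: wanted.filter((s) => granted.has(s)), // any one match is enough
    audienceOk: [].concat(claims.aud || []).includes(audience),
    expired: typeof claims.exp === 'number' && claims.exp <= nowSec,
  };
}

// Constructed sample data: unsigned tokens with a placeholder signature.
function makeSampleToken(payload) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(payload)}.placeholder-signature`;
}
const AUD = 'https://domain.us.auth0.com/api/v2/';
const NOW = 1700000000; // constructed clock value
const errorBody = {
  statusCode: 403,
  error: 'Forbidden',
  message: 'Insufficient scope, expected any of: update:roles,create:role_members',
  errorCode: 'insufficient_scope',
};
const cachedToken = makeSampleToken({ aud: AUD, exp: NOW + 3600, scope: 'read:users update:users' });
const freshToken = makeSampleToken({ aud: AUD, exp: NOW + 3600,
  scope: 'read:users update:users update:roles create:role_members' });

console.log(diagnose(cachedToken, errorBody, AUD, NOW));
console.log(diagnose(freshToken, errorBody, AUD, NOW));
```

If the token copied from the dashboard shows the scopes but `matched` is empty for the value in the request's Authorization header, the client is sending a different token than the one that was inspected.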

Happy to help, and thanks for sharing your findings here! :cowboy_hat_face:
