Auth0 4.10.0, NodeJS, and the impossible ManagementClient

I’ve been in a battle with on-site AI, who keeps giving me broken code. I am frustrated by the changes to the ManagementClient for NodeJS which seems to have removed a lot of functionality or forced it into direct API calls.

In short, I have a web interface where “admin” users are changing the roles on other users. The backend uses the ManagementClient to update the users. I found work arounds for all the functionality until I get to the last step where I want to replace role “A” with role “B”. I can assign Roles, but not delete them.

Here’s the old code that worked (abridged):

const ROLES = [
  process.env.ROLE_ADMIN_ID,
  process.env.ROLE_INACTIVE_ID,
  process.env.ROLE_PUBLIC_ID
]

let manager = new ManagementClient({
  domain: process.env.DOMAIN,
  clientId: process.env.CLIENTID,
  clientSecret: process.env.CLIENT_SECRET,
  scope:
    "create:users read:users read:user_idp_tokens update:users delete:users read:roles create:roles update:roles delete:roles"
})

router.get("/getAllUsers", async function (req, res, next) {
// ...
const fetchUsersInRoles = ROLES.map((id) =>
          manager.getUsersInRole({id}))
// ...

router.post("/assignRole", async function (req, res, next) {
// ...
         manager.assignRolestoUser({id: userid}, {roles: [roleID]})
        .then((result) => {
          const dataObj = {
            roles: ROLES.filter(
              (justAdded) => justAdded !== roleID)
          }

          manager.removeRolesFromUser({id: userid}, dataObj)
            .then((resp2) => {
              res.status(200)
                .send(`role was successfully assigned to the user`))
            })

This looks mostly like what the AI keeps recommending. By investigating the classes in the Auth0 code, I discovered a few workarounds…

manager.getUsersInRole became manager.roles.getUsers
manager.assignRolestoUser became manager.users.assignRoles

but manager.users.removeRoles does not exist! The AI finally said I could use manager.resourceServers.delete({ id: users/${userid}/roles, data }) but when I added the delete:resource_servers` scope to my ManagementClient, I still got the 401 error saying that I didn’t.

I’m so frustrated. I’ve lost two days and now I’ve got lots of users with conflicting roles that I can’t fix unless I manually make the changes. What am I missing? Something obvious must be here. Is there a unassignRoles or nukeRoles that I am not seeing?

Hi @cubap

Welcome to the Auth0 Community!

Thank you for posting your question, in terms of removing roles from the user you should be able to use deleteRoles.

Thanks
Dawid

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.