Auth0 Home Blog Docs

Cannot update user email or password

Hi ho. I’m trying to implement custom flow on mobile app for the user to update his email / password.

This is my auth code on iOS:

        password: authData.password,
        realm: Constants.emailConnection,
        audience: "user-update",
        scope: Constants.scope,
        parameters: nil
    .start { [weak self] result in
        switch result {
        case .success(let credentials):
            _ = self? credentials)
            completionHandler(.success(result: credentials))
        case .failure(let error):
            completionHandler(.failure(error: error))

And this is how I try to update the user data:

 .users(token: accessToken)
 .patch(userInfo.sub, attributes: attributes)
 .start { result in
      switch result {
      case .success:
           completionHandler(.success(result: {}()))
      case .failure(let error):
           completionHandler(.failure(error: error))

The error I get when calling above method:

Fail: Failed with unknown error [“statusCode”: 401, “message”: Bad audience: user-update, “error”: Unauthorized]

I’m lost… can’t figure out why I still getting that error. Any help?

Hey @michal!

I guess you need to make one change in your code. Instead of using accessToken you need to go for idToken.

Let me know if that worked :slight_smile:

Hi Konrad :slight_smile:
I’ve tried using idToken but I get another error then:

Fail: Failed with unknown error ["statusCode": 401, "attributes": {
    error = "Invalid token";
}, "message": Invalid token, "error": Unauthorized]

That’s quite strange. Let me get back to you once I confirm it with our iOS SDK team!

1 Like

Ok so there’s actually one more thing that I overlooked.

  • To edit Metadata you need to specify audience as: https://your_auth0_domain/api/v2/
  • As a Public client what you can edit is also restricted. You can not change an email address

If you want greater control you need to be using a confidential client type such as a Webapp or M2M that has full access to the Management API so basically use backend and get a Management API token to update the user (here’s the list of fields that are “updateable / non-updateable”:

Thanks @konrad.sopala. Did move the logic to the backend which manages management API. Works fine now.


1 Like

Glad you made it work!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.