Auth0 Home Blog Docs

Cannot update user_metadata

user_metadata
update

#1

I can update the user_metadata via the portal and read it via the Management API. However when I try to set it I get 403 as follows

Error: Remote resource https://alwaysinmind.eu.auth0.com/api/v2/users/google-oauth2|116955772184856092800 returned status code: 403:

{“statusCode”:403,“error”:“Forbidden”,“message”:“Insufficient scope, expected any of: update:users,update:users_app_metadata,update:current_user_metadata”,“errorCode”:“insufficient_scope”}

Indeed I cannot see these listed in the portal as scopes for the Managment API.

What do I need to set and where?

thanks


#2

It appears I need to get the extra scopes when I request the Management API access_token but I cannot see how. The docs appear to indicate I should change the scopes in the non interactive client in the portal but there appears to be no way to access them :frowning:


#3

AAH - I found it - as subtle little down arrow in the “Non interactive clients” section of the Management API for the client in question.

Talk about obscure! The docs should be updated at the point they talk about required scopes Thanks


#4

In order to call the Management API you need a Auth0 Management APIv2 Token, as you can see here: https://auth0.com/docs/api/management/v2/tokens

First, you’ll need to create and authorize an Non-Interactive client, then you’ll need to add the required scopes for the API calls you want to request. For example, the [Get all clients] (https://auth0.com/docs/api/management/v2#!/Clients/get_clients) endpoint requires the scopes read:clients and read:client_keys, while the Create a client endpoint requires the scope create:clients.

To add the scopes the Non-Interactive client, you need to open the APIs section of the dashboard, select the Auth0 Management API, select the tab Non Interactive Clients, enable the Authorized switch for your Non-Interactive client and then select the required scopes from the dropdown, to the right of the switch, as you can see in the image:

![alt text][1]


#5

It appears I need to get the extra scopes when I request the Management API access_token but I cannot see how. The docs appear to indicate I should change the scopes in the non interactive client in the portal but there appears to be no way to access them :frowning:


#6

@stevealee Glad you found it. I’ll make a note with the documentation team to make it a bit more clear.


#7

Thanks Ricardo - it was the last step I was unable to find. Reading user meta data was working fine and now so is writing :slight_smile:

BTW of the scopes mentioned in that error message only the 1st oneactually seems to be available for the Admin API