Changing user root attributes

We are having an issue changing a root attributes that some users have.

Due to the user migration flow that we have in signin, in which we look for legacy bases through the login script and insert in Auth0 if the user exists in any legacy base, some users were inserted with the credential attribute incorrectly in auth0, as the object was not normalized in the login script.

So we have users with root attributes who have data we want to remove. However, the update user API does not accept that root attributes are sent for editing outside the allowed attributes:
Doc (Update Root Attributes for Users).
FAQ (How to Delete User Profile Attributes)


curl --location --request PATCH 'https://{DOMAIN}/api/v2/users/{PRIMARY_IDENTITY_ID}' \
--header 'authorization: Bearer ' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data '{
    "credentials": null


    "statusCode": 400,
    "error": "Bad Request",
    "message": "Payload validation error: 'Additional properties not allowed: credentials (consider storing them in app_metadata or user_metadata. See \"Users Metadata\" in for more details)'.",
    "errorCode": "invalid_body"

Therefore, we are unable to remove user data.

What can we do in this case? We would like to remove the credentials attribute from users that were entered in error.


Hi @cassio.deon,

Welcome to the Auth0 Community!

To the best of my knowledge, it is not possible to update non-root user attributes such as the credentials property that you shared. This is consistent with the error message in the result, stating that the credential attribute is not an allowed property, and suggests storing it in the user’s app_metadata or user_metadata.

With that, could you please confirm how these users were added with the credential attribute incorrectly to Auth0? Was there an issue with your login script?

For now, one way we can handle this scenario is to remove these affected users, fix how the credential property is stored, and consider storing the credential attribute in the user_metadata so you can make updates to it in the future. Then when the user logs in the next time, they will get imported to your custom database connection in Auth0 correctly.


This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.