CORS error when updating user name

tmsmateus · November 20, 2022, 2:56am

Hi, I’ve been trying to update the logged user’s user.name from my react app, and I keep getting the following response"

{
    (...)
    status: 400
    type: "cors"
}

The authentication works correctly using the wrapper, my app settings have been set to allow “http://localhost:3000” for all application URIs, and this is my code for updating the user.name:

const { getAccessTokenSilently } = useAuth0()
const token = await getAccessTokenSilently({
    audience: <AUDIENCE>,
    scope: 'update:users'
})
const body = { name: "New Name" }
const headers = {
    Authorization: `Bearer ${token}`,
    'Content-Type': 'application/json'
}
const response = await fetch("https://<DOMAIN>/api/v2/users/<USER_ID>", {
    method: 'PATCH', body, headers,
})

Can anyone please help me with this?
Thanks in advance!

dan.woda · November 29, 2022, 7:57pm

Hi @tmsmateus,

Just wanted chime in and say that you can’t/shouldn’t get the update:users scope for a token in your SPA. This would allow a user to grab the token from the client and update any user in your DB.

You should be doing this type of update from a secure backend and validate the request for each user.

tmsmateus · November 30, 2022, 12:53am

Hi @dan.woda , thanks for your help!
I guess I should create a single editor user then, and as you said, keep that token safe from users.
Thanks! I’ll look into that.

dan.woda · November 30, 2022, 2:22pm

Here’s another resource that may be useful. Let us know if you have any questions!

system · December 14, 2022, 2:23pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.