CORS error when updating user name

Hi, I’ve been trying to update the logged user’s user.name from my react app, and I keep getting the following response"

{
    (...)
    status: 400
    type: "cors"
}

The authentication works correctly using the wrapper, my app settings have been set to allow “http://localhost:3000” for all application URIs, and this is my code for updating the user.name:

const { getAccessTokenSilently } = useAuth0()
const token = await getAccessTokenSilently({
    audience: <AUDIENCE>,
    scope: 'update:users'
})
const body = { name: "New Name" }
const headers = {
    Authorization: `Bearer ${token}`,
    'Content-Type': 'application/json'
}
const response = await fetch("https://<DOMAIN>/api/v2/users/<USER_ID>", {
    method: 'PATCH', body, headers,
})

Can anyone please help me with this?
Thanks in advance! :slight_smile:

Hi @tmsmateus,

Just wanted chime in and say that you can’t/shouldn’t get the update:users scope for a token in your SPA. This would allow a user to grab the token from the client and update any user in your DB.

You should be doing this type of update from a secure backend and validate the request for each user.

Hi @dan.woda , thanks for your help!
I guess I should create a single editor user then, and as you said, keep that token safe from users.
Thanks! I’ll look into that.

1 Like

Here’s another resource that may be useful. Let us know if you have any questions!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.