Creating a user via the Management API results in an HTTP 400 error

Problem statement

A new user wishes to sign up for a client application. As part of this process, a new user instance is created via the Auth0 Management API, using the Create-a-User call to the “POST /api/v2/users” endpoint. In this example, it is intended that the new user instance be created in an Auth0 username-password database connection called ‘demo-dB’.

However, the call fails and the following error is displayed:

2023-02-03T12:21:39.784364757Z: [INFO] com.auth0.exception.APIException: Request failed with status code 400: connection is disabled (client_id: XXXalcyGabcGGln6GXRuIK1Nbh4tXYYY - connection: demo-dB )

In this instance:

  • ‘demo-dB’ is a regular Auth0 username-password database connection within a tenant
  • ‘client_id’ is a reference to the client application that the user attempted to sign up for

This error is experienced even though the connection is enabled for an organization and creating a user via the Auth0 dashboard works as expected.

Symptoms

An attempt to create a user via the Management API for the target connection (in this case ‘demo-dB’) will throw an error of the general form:

Request failed with status code 400: connection is disabled

However, attempts to use the Management API to create users on other Auth0 username-password connections may well succeed without error.

Troubleshooting

Inspection of the tenant logs provides useful insights into the problem:

  1. Search the tenant logs for Success API Operation ( sapi ) events. If such an event is found, it may indicate that a user has been created via the dashboard.
  2. Search the tenant logs for Failed Signup ( fs ) events. Given that it is not possible to create a user on the connection ‘demo-dB’ via the Management API, users will be unable to sign up using that connection.

NOTE: The availability of tenant logs varies from 1 to 30 days, depending on the type of Subscription plan. For more information, refer to the Pricing Policy page.

  • If one or more Failed Signup ( fs ) events are present in the tenant logs, the log entry may record the reason why the sign up attempt failed. In this case, view the log to determine which application the user has attempted to sign up to.
  • The log entry also may contain instances of the error that was described in the initial problem statement:

Request failed with status code 400: connection is disabled

  • A close look at the log entry for the Failed Signup (fs) event will also list the connection that it relates to. (In our sample scenario, the failure is associated with the connection ‘demo-dB’.)

In summary, by inspecting the tenant logs and finding a Failed Signup (fs) event, it is possible to discover the following items of information to help with troubleshooting this problem:

  • the identity of the user who attempted to sign up
  • the client_id of the application
  • the reason why the sign up attempt failed ( ‘… connection is disabled’ )
  • the name of the Auth0 username-password database connection
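The triage described above can be scripted over an exported copy of the tenant logs. The following is an added example, not code from this article or from Auth0; it assumes the events were exported as JSON lines carrying the fields `type`, `description`, `client_id`, `connection` and `user_name`, and the sample events are constructed.

```python
import json
import re
from collections import defaultdict

# Error text from the problem statement:
# "... connection is disabled (client_id: <id> - connection: <name> )"
ERROR_RE = re.compile(
    r"connection is disabled\s*\(client_id:\s*(?P<client_id>\S+)"
    r"\s*-\s*connection:\s*(?P<connection>[^)]*?)\s*\)"
)

def parse_disabled_error(message):
    """Return (client_id, connection) from the error text, or None."""
    m = ERROR_RE.search(message)
    return (m.group("client_id"), m.group("connection")) if m else None

def load_events(text):
    """Parse a JSON-lines log export into a list of event dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def triage_failed_signups(events):
    """Map each (client_id, connection) pair rejected with
    'connection is disabled' to the users whose signup failed."""
    missing = defaultdict(list)
    for ev in events:
        desc = ev.get("description", "")
        if ev.get("type") != "fs" or "connection is disabled" not in desc:
            continue
        parsed = parse_disabled_error(desc)
        # Prefer structured fields; fall back to the error text.
        client_id = ev.get("client_id") or (parsed and parsed[0])
        connection = ev.get("connection") or (parsed and parsed[1])
        missing[(client_id, connection)].append(ev.get("user_name"))
    return dict(missing)

# Constructed sample events (field layout assumed); not real tenant data.
SAMPLE_LOGS = """\
{"type": "sapi", "description": "Create a User", "client_id": "DASHBOARD_PLACEHOLDER"}
{"type": "fs", "user_name": "alice@example.com", "description": "connection is disabled (client_id: XXXalcyGabcGGln6GXRuIK1Nbh4tXYYY - connection: demo-dB )"}
{"type": "fs", "user_name": "bob@example.com", "client_id": "XXXalcyGabcGGln6GXRuIK1Nbh4tXYYY", "connection": "demo-dB", "description": "connection is disabled"}
{"type": "fs", "user_name": "carol@example.com", "client_id": "XXXalcyGabcGGln6GXRuIK1Nbh4tXYYY", "connection": "demo-dB", "description": "Password is too weak"}
"""

if __name__ == "__main__":
    found = triage_failed_signups(load_events(SAMPLE_LOGS))
    for (cid, conn), users in found.items():
        print(f"client {cid} not enabled on {conn}: {users}")
```

Each key in the result is an application-to-connection pair that was rejected as disabled; failed signups with other causes are ignored.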

Cause

The sign up attempt failed because the client application that the user wanted to sign up for has no association with the desired Auth0 username-password database connection.

Solution

Identify the Client Application

To solve this problem, first identify the application that is mentioned in the error message. In this example, the client_id is “XXXalcyGabcGGln6GXRuIK1Nbh4tXYYY”.

If the number of applications configured within the tenant is relatively small (less than 200):

  1. Log in to the Auth0 dashboard as a tenant member (Administrator).
  2. Navigate to Applications > Applications.
  3. Search for the client_id within the web page (typically, this is CTRL+F for Windows or Command+F for Mac).

If a large number of applications are configured in the tenant, it is more efficient to use the Management API and make a call to the Get-a-Client endpoint (“GET /api/v2/clients/{id}”). For example, the settings shown in the graphic below will retrieve the application name that corresponds to the client_id of “XXXalcyGabcGGln6GXRuIK1Nbh4tXYYY”.

Map an Application to a Connection

The next step is to associate the application with the desired connection.

  1. Log in to the Auth0 dashboard.
  2. Navigate to Authentication > Database > <connection-name> > Applications [ select from the menu ].
  3. Toggle the green slider next to the application name to enable access to the connection. The following graphic gives an example of what this might look like.

  4. Now try to sign up a user from within the application. After making this adjustment, there should be no error.

Attempting to create a user via the Management API should now also work.
