Error add permission from API

martin5 · April 4, 2020, 11:44pm

Hi,
I am implementing some backend logic and I would like to create some permissions on the fly so I can add them to my user roles when specific user events occur.

I found this page on how to update permissions on a specified API, but when I call it , get a strange error:

{
    'error': 'Bad Request', 
    'errorCode': 'invalid_body', '
    message': ""Payload validation error: 'Expected type object but found type string' 
    on property scopes[3]. (also) Payload validation error: 'Expected type object but 
    found type string' on property scopes[2]. (also) Payload validation error:
     'Expected type object but found type string' on property scopes[1]. 
    (also) Payload validation error: 'Expected type object but 
    found type string' on property scopes[0]."", '
    statusCode': 400
}

My backend is in python and this is what I did:

import os
import requests

AUTH0_BASE_URL = os.getenv("MY_ENV_VAR")

def add_permissions_to_api(apiid, permissions):
    """
    add a permission to a specified api
    
    @params apiid: string of api id: eg for _my_api <api_id_hex_string>
    @param permissions: List[tuple] list of (permission name, permission description)
        eg: [("read:test1", "read on resource test1"), ("write:test2", "write permission on resource test2")]
    """
    ENDPT = "api/v2/resource-servers"
    auth = get_token()
    headers = {"Authorization": f"{auth['token_type']} {auth['access_token']}"}
    data = {"scopes":[dict(zip(("value","description"),(i[0], i[1]))) for i in permissions]}
    url = "/".join([AUTH0_BASE_URL, ENDPT, apiid])
    return requests.patch(url, data=data, headers=headers).json()

I checked many times and I have formatted my payload exactly as in the example link above.

Any idea how I can deal with this please?

Thanks

david.dorsett · February 3, 2021, 6:40pm

Anymore on this? I’m getting the same error type to create by POST /clients with a client_metadata object property, using python. The dictionary is correct, the string representation is correct, but the Auth0 mgmt API throws a 400 error with message’: "Payload validation error: ‘Expected type object but found type string’ on property client_metadata (Metadata associated with the client, in the form of an object with string values (max 255 chars). Maximum of 10 metadata properties allowed).
Print of the body dictionary: {‘name’: ‘test-1’, ‘app_type’: ‘regular_web’, ‘token_endpoint_auth_method’: ‘client_secret_post’, ‘client_metadata’: {‘tenantId’: ‘c5c1b7b1-d35b-4cb1-8e39-10518f2deeaa’}}

What’s wrong with this??

david.dorsett · February 4, 2021, 9:50pm

Figured it out. I was inadvertently using the ‘data’ attribute of python request module rather than the ‘json’ attribute in the POST.

konrad.sopala · February 5, 2021, 7:54am

Glad you have figured it out and thanks for sharing it with the rest of community!

system · February 20, 2021, 7:55am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.