Error "Forbidden attribute in app_metadata: username" when Creating a User via API Call

auth0.knowledge3 · December 2, 2024, 2:35pm

Overview

When creating a user via Management API call and sending this profile:

{

"email": "someuser@somemail.com",

"user_id": "xyz123",

"username": "someusername",

"given_name": "Some",

"family_name": "Name",

"name": "Some Name",

"password": "P@ssw0RdH@r@",

"app_metadata":

{

"foo": "bar",

"username": "someOtherName"

}

}

the request fails with:

“message”: “Forbidden attribute in app_metadata: username”,

However, the attribute name “username” is not listed among the documented restrictions.

This article details why this error is encountered.

Applies To

User profile
User schema
app_metadata

Cause

The app_metadata field is merged onto the root profile in both Rules and Actions, which may override root profile fields.

Solution

Avoid using the same name for app_metadata fields and root profile fields.

Related References

This behavior is documented here: Metadata Field Names and Data Types.

Topic		Replies	Views
Able to Create Users with Restricted app_metadata Fields Knowledge Articles app_metadata , create-user , restricted	1	163	May 20, 2024
Update a user API does not allow updating name Help user-creation , users , user-profile , user , profile-update	18	11162	March 2, 2018
app_metadata key value changes when using api v2 Help app_metadata , v2	3	3909	March 2, 2018
How to remove restricted value in app_metadata? Help auth0	5	2111	June 28, 2022
Access Denied when trying to use api.user.setAppMetadata Help management-api , actions-management-api	6	1631	March 23, 2023