Escaping in the management api

ruan · August 5, 2019, 11:28pm

Hey,

I’m seeing a slightly weird issue. When I use the API Explorer things go just fine.

However, from my code, when I escape the payload i.e

"{\"app_metadata\":{\"organization_uuid\":\"blah\"}}"

The API returns a 400.

Anyone know how to get past this one?

jmangelo · August 6, 2019, 7:11am

The Management API accepts JSON encoded request bodies so for that example what should be sent would be:

{ "app_metadata": { "organization_uuid": "blah" } }

You should share your code because the exact things you’ll need to do in order to ensure that valid JSON gets sent depends a lot on the exact code being used.

ruan · August 6, 2019, 7:13am

Here is my code @jmangelo

def update_user(account, organization_uuid) do
headers = [
  {"authorization", "Bearer " <> get_token()},
  {"accept", "application/json"}
]
payload = %{"app_metadata" => %{"organization_uuid" => "#{organization_uuid}"}}
body = Jason.encode!(payload)
response = HTTPoison.patch Application.get_env(:admin, :auth0_api_base_url) <> "/api/v2/users/" <> account.auth_ref, body, headers
case response do
  {:ok, response} ->
    Jason.decode!(response.body)
  {:error, response} ->
    response
end
end

ruan · August 6, 2019, 9:31am

@jmangelo getting the same for roles now but the user update seems fixed? I didn’t change anything.

def update_user_roles(account, role) do
# POST	/api/v2/users/{id}/roles
headers = [
  {"authorization", "Bearer " <> get_token()},
  {"accept", "application/json"}
]
payload = %{"roles" => ["#{role}"]}
body = Jason.encode!(payload) |> IO.inspect
response = HTTPoison.post Application.get_env(:admin, :auth0_api_base_url) <> "/api/v2/users/" <> account.auth_ref <> "/roles", body, headers
case response do
  {:ok, response} ->
    IO.inspect Jason.decode!(response.body)
  {:error, response} ->
    response
end
# DELETE	/api/v2/users/{id}/roles
end

ruan · August 6, 2019, 10:31pm

Here is the request and response:

{:ok,
 %HTTPoison.Response{
   body: "{\"statusCode\":400,\"error\":\"Bad Request\",\"message\":\"Payload validation error: 
'Additional properties not allowed: 31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 (consider storing them in app_metadata or user_metadata. See \\\"Users Metadata\\\" in https://auth0.com/docs/api/v2/changes for more details)'.\",\"errorCode\":\"invalid_body\"}",
   headers: [
     ...
   ],
   request: %HTTPoison.Request{
     body: "{\"roles\":[\"myroleid\"]}",
     headers: [
       {"authorization",
        "Bearer mytoken"},
       {"accept", "application/json"}
     ],
     method: :post,
     options: [],
     params: %{},
     url: "https://mytenanturl/api/v2/users/myuserid/roles"
   },
   request_url: "https://mytenanturl/api/v2/users/myuserid/roles",
   status_code: 400
}}

The issue to patch users seemed to self resolve – was an update made? Can someone please let me know?

dan.woda · August 7, 2019, 1:37pm

Continuing the conversation from your request on twitter.

Did @jmangelo suggestion work? It looks like that might have solved your first issue and your body looks the same for your roles call.

Let me know,
Dan

jmangelo · August 7, 2019, 1:49pm

As Dan mentioned the body appears again with the escaped quotes, but that may be due to how it’s being outputted so that may had been a red herring.

According to Google that code seems to be Elixir which I confess I never wrote a single line of code with it so take what I said with a grain of salt. One thing I noted is that you’re not sending a content-type header informing the API that you’re sending JSON (application/json). Can you check if adding that header makes any difference?

ruan · August 7, 2019, 2:19pm

@jmangelo I do set the content-type in the header, but thanks

@dan.woda Things seemingly started to work on their own, I didn’t make any change to the code and things started to work a little later after I made the post.

I use a JSON library which encodes the JSON as per RFC spec, and I use the same library on various other APIs. Somehow though, on this endpoint, the escaping is a problem.

The totally weird thing is that I generate a new token just fine, I can update the user with some metadata just fine, but I can’t seem to update the role.

dan.woda · August 7, 2019, 5:41pm

I have to confess I am not familiar with Elixir either. But it sounds like this is something related to the payload syntax or the headers like @jmangelo mentioned.

I am wondering if the headers should be formatted like this: Authorization: <type> <credentials>

ruan · August 7, 2019, 7:57pm

Thanks @dan.woda the headers seem fine. Let me try some other options and see.

Topic		Replies	Views
Update user metadata not working Help user_metadata	4	3737	September 16, 2021
Management API returns 400/Connection refused Help	10	5682	August 18, 2020
How to get escaped app_metadata to work with import users endpoint Help management-api , user-import	1	3581	March 2, 2018
400 response when trying to set user permissions for a client from Management API Help jwt , api	8	5971	July 14, 2021
How to update user metadata Help management-api , users	3	1486	February 9, 2023

Escaping in the management api

Related topics