Auth0 Home Blog Docs

Escaping in the management api

Hey,

I’m seeing a slightly weird issue. When I use the API Explorer things go just fine.

However, from my code, when I escape the payload i.e

"{\"app_metadata\":{\"organization_uuid\":\"blah\"}}"

The API returns a 400.

Anyone know how to get past this one? :frowning:

The Management API accepts JSON encoded request bodies so for that example what should be sent would be:

{ "app_metadata": { "organization_uuid": "blah" } }

You should share your code because the exact things you’ll need to do in order to ensure that valid JSON gets sent depends a lot on the exact code being used.

Here is my code @jmangelo

def update_user(account, organization_uuid) do
headers = [
  {"authorization", "Bearer " <> get_token()},
  {"accept", "application/json"}
]
payload = %{"app_metadata" => %{"organization_uuid" => "#{organization_uuid}"}}
body = Jason.encode!(payload)
response = HTTPoison.patch Application.get_env(:admin, :auth0_api_base_url) <> "/api/v2/users/" <> account.auth_ref, body, headers
case response do
  {:ok, response} ->
    Jason.decode!(response.body)
  {:error, response} ->
    response
end
end

@jmangelo getting the same for roles now :frowning: but the user update seems fixed? I didn’t change anything.

def update_user_roles(account, role) do
# POST	/api/v2/users/{id}/roles
headers = [
  {"authorization", "Bearer " <> get_token()},
  {"accept", "application/json"}
]
payload = %{"roles" => ["#{role}"]}
body = Jason.encode!(payload) |> IO.inspect
response = HTTPoison.post Application.get_env(:admin, :auth0_api_base_url) <> "/api/v2/users/" <> account.auth_ref <> "/roles", body, headers
case response do
  {:ok, response} ->
    IO.inspect Jason.decode!(response.body)
  {:error, response} ->
    response
end
# DELETE	/api/v2/users/{id}/roles
end

Here is the request and response:

{:ok,
 %HTTPoison.Response{
   body: "{\"statusCode\":400,\"error\":\"Bad Request\",\"message\":\"Payload validation error: 
'Additional properties not allowed: 31,30,29,28,27,26,25,24,23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0 (consider storing them in app_metadata or user_metadata. See \\\"Users Metadata\\\" in https://auth0.com/docs/api/v2/changes for more details)'.\",\"errorCode\":\"invalid_body\"}",
   headers: [
     ...
   ],
   request: %HTTPoison.Request{
     body: "{\"roles\":[\"myroleid\"]}",
     headers: [
       {"authorization",
        "Bearer mytoken"},
       {"accept", "application/json"}
     ],
     method: :post,
     options: [],
     params: %{},
     url: "https://mytenanturl/api/v2/users/myuserid/roles"
   },
   request_url: "https://mytenanturl/api/v2/users/myuserid/roles",
   status_code: 400
}}

The issue to patch users seemed to self resolve – was an update made? Can someone please let me know?

Continuing the conversation from your request on twitter.

Did @jmangelo suggestion work? It looks like that might have solved your first issue and your body looks the same for your roles call.

Let me know,
Dan

As Dan mentioned the body appears again with the escaped quotes, but that may be due to how it’s being outputted so that may had been a red herring.

According to Google that code seems to be Elixir which I confess I never wrote a single line of code with it so take what I said with a grain of salt. One thing I noted is that you’re not sending a content-type header informing the API that you’re sending JSON (application/json). Can you check if adding that header makes any difference?

@jmangelo I do set the content-type in the header, but thanks :slight_smile:

@dan.woda Things seemingly started to work on their own, I didn’t make any change to the code and things started to work a little later after I made the post.

I use a JSON library which encodes the JSON as per RFC spec, and I use the same library on various other APIs. Somehow though, on this endpoint, the escaping is a problem.

The totally weird thing is that I generate a new token just fine, I can update the user with some metadata just fine, but I can’t seem to update the role.

I have to confess I am not familiar with Elixir either. But it sounds like this is something related to the payload syntax or the headers like @jmangelo mentioned.

I am wondering if the headers should be formatted like this: Authorization: <type> <credentials>

Thanks @dan.woda the headers seem fine. Let me try some other options and see.