The “get all clients” endpoint does not seem to allow specifying client_metadata
field even though it is returned from the result if you don’t specify it.
Hitting GET https://mycompany.au.auth0.com/api/v2/clients?fields=client_id%2Cname%2Cclient_metadata&include_fields=true
gives me the following error:
{
"statusCode": 400,
"error": "Bad Request",
"message": "Query validation error: 'String 'client_id,name,client_metadata' does not match pattern. Must be a comma separated list of the following values: name,description,callbacks,allowed_origins,client_id,tenant,global,config_route,callback_url_template,jwt_configuration,jwt_configuration.lifetime_in_seconds,jwt_configuration.secret_encoded,jwt_configuration.scopes,jwt_configuration.alg,api_type,logo_uri,allowed_clients,owners,custom_login_page,custom_login_page_on,sso,addons,form_template,custom_login_page_preview,encryption_key,encryption_key.pub,encryption_key.cert,client_secret,signing_keys,mobile,mobile.android,mobile.ios,token_endpoint_auth_method,allowed_logout_urls,app_type,is_first_party,oidc_conformant,is_token_endpoint_ip_header_trusted' on property fields (A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields).",
"errorCode": "invalid_query_string"
}
If I don’t specify any fields, I get a 200 back with all fields, including client_metadata
. I think there’s a bug in request input validation for this endpoint.