Auth0 Home Blog Docs

GET /api/v2/clients does not allow specifying client_metadata as a field to return



The “get all clients” endpoint does not seem to allow specifying client_metadata field even though it is returned from the result if you don’t specify it.!/Clients/get_clients

Hitting GET gives me the following error:

  "statusCode": 400,
  "error": "Bad Request",
  "message": "Query validation error: 'String 'client_id,name,client_metadata' does not match pattern. Must be a comma separated list of the following values: name,description,callbacks,allowed_origins,client_id,tenant,global,config_route,callback_url_template,jwt_configuration,jwt_configuration.lifetime_in_seconds,jwt_configuration.secret_encoded,jwt_configuration.scopes,jwt_configuration.alg,api_type,logo_uri,allowed_clients,owners,custom_login_page,custom_login_page_on,sso,addons,form_template,custom_login_page_preview,encryption_key,,encryption_key.cert,client_secret,signing_keys,mobile,,mobile.ios,token_endpoint_auth_method,allowed_logout_urls,app_type,is_first_party,oidc_conformant,is_token_endpoint_ip_header_trusted' on property fields (A comma separated list of fields to include or exclude (depending on include_fields) from the result, empty to retrieve all fields).",
  "errorCode": "invalid_query_string"

If I don’t specify any fields, I get a 200 back with all fields, including client_metadata. I think there’s a bug in request input validation for this endpoint.