I am following the quick start guide for react. I copied all the code for calling an api and everything before it such as login button, logout button, and profile page. However, my fetch to the api to read the current user is always returning this error: Cannot read properties of undefined (reading ‘sub’). I’m not sure how to fix this error and was wondering if anyone could help. Thanks in advance.
Correct, but later down the line I would like to use the management api to update my user. The work around I’m currently implementing is storing a user model in my database, but obviously it would be more convenient to update the user on auth0 database.
Do you plan on only updating userMetadata? As Management API Access Tokens in a SPA are limited in scope, it may be easier/more flexible to add metadata as a custom claim(s) in tokens and access it through the user object directly. As far as updating a user, if you need to update more than userMetadata it would be best to consider proxying the request through a backend service - This allows for fully scoped Management API Access Tokens:
I appreciate the response. I now understand that I am unable to update the user from the SPA and instead will have to go through my backend. However, shouldn’t the code above theoretically work. I remember seeing somewhere that reading the current user through the management api is possible through the SPA.
That’s correct, you should be able to read user metadata through the SPA - I don’t see anything that immediately stands out in your code, but I’ll try to test this flow in my own environment to see what I can come up with.
While not exactly your code, I was able to get it working by building off the React sample app.
Here’s my index.js
import React from "react";
import ReactDOM from "react-dom";
import "./index.css";
import App from "./App";
import * as serviceWorker from "./serviceWorker";
import { Auth0Provider } from "@auth0/auth0-react";
ReactDOM.render(
<Auth0Provider
domain="{your_domain}.us.auth0.com",
clientId="{client_id}",
authorizationParams={{
redirect_uri: window.location.origin,
audience: "https://{domain}/api/v2/",
scope: "read:current_user"
}}
>
<App />
</Auth0Provider>,
document.getElementById("root")
);
// If you want your app to work offline and load faster, you can change
// unregister() to register() below. Note this comes with some pitfalls.
// Learn more about service workers: https://bit.ly/CRA-PWA
serviceWorker.unregister();
Another question that came up in my mind is that whenever I add the audience and scope parameter for the authorization params my user in const { user } = useAuth0(); only displays a sub field rather than everything else in the meta data such as name, email, etc. Why is this?
Additionally, if I wanted to work around this by making a call to the backend to get the user meta data would I still have to include the audience and scope the authorization params?
If you inspect the request to /authorize (browser dev tools) do you see any other scopes being passed? You’ll just want to make sure openid and profile are being passed as well to get more claims on the user.
No, basically you would authorize the user to call your own API/backend - Your API would validate this request and then make a M2M call to Auth0 Management API on behalf of the user.