How can i unset ( remove) a username from a givem user

Get Help
,
1

Hi there,
In my tenant i allow my users login with an email and an optional username.
I have a requirement to prevent corporate users from logging in using the username ( the username should be null for corporate users.

how am i doing it so far:
i have a integration worker that grabs events on my internal system and uses the management api to create and update users.

The worker here is using the c# SDK from Auth0.

when this worker executes a specific use case it checks if the user it is updating is a corporate user or not .

on this, if i try to update the username for an empty string, the api will throw an exception with a message stating that the username length is wrong.

if i try to issue an update using just the username field and setting it to null , the managemt API will not accept it and return a message stating that required fields where not present on the request.

i am able to do this on the management web UI

On the management UI, if i grab a user that has a username, clear the textbox and submit, the username is cleared from the user in question.

i inspected the http PATCH issued by the management UI on my browser and the UI sends a HTTP Patch with a json object containing only the username field and a null value.

Something like:

{“username”:null} on the patch body.

The diference here being: the request is sent to a relative URL of the web UI so, im guessing that the web UI uses a BFF of sorts to proxy the requests.

Since the webUI is able to set the username to a null value , im wondering if its possible to do the same using the management API using the C# SDK.

Thank you

3

Update on the experiment:
Ran a test on postman using a patch setting the username to null and the API behaves as expected.

The problem here lies on the C# SDK and the way it exposes the operations.

The SDK defines a class UserUpdateRequest that contains all user attributes.
The API docs states that if you need to remove some attribute from the user, the request should specify null as a value of the field.

Since the SDK only have a typed method using the USerUpdateRequest class, and do not expose one generic method for the patch method, it cannot be done using the current C# SDK version.

As a workaround , included a httpclient on my service and used it in conjuction with a specific object to issue the patch on the user passing null.

not an ideal solution given now i have to maintain two distinct points in my code that makes requests to the management API but it works.

4

Hi @lafayette.duarte

I am sorry about the delayed response to your inquiry!

Thanks for providing further information on the matter.

Just to clarify, you have initiated a Management Client in your .NET application and when you have tried using the UserUpdateRequest class mentioned in this documentation?

It appears that the behaviour you have described so far is to be expected. In this situation, as you have mentioned in your second reply, the alternative would be to use an HttpClient as such:

var client = new HttpClient();
var request = new HttpRequestMessage(HttpMethod.Patch, "https://{tenantDomain}/api/v2/users/:id");
request.Headers.Add("Accept", "application/json");
var content = new StringContent("{\"username\":null}", null, "application/json");
request.Content = content;
var response = await client.SendAsync(request);
response.EnsureSuccessStatusCode();
Console.WriteLine(await response.Content.ReadAsStringAsync());

If you have any other questions on the matter, let me know!

Kind Regards,
Nik

5

Hi Nik,
Yes.
Since the UserUpdateRequest class the C# SDK defines has all of the other attributes, setting null on this field causes the PATCH call to fail. ( the instance of UserUpdateRequest would contain the other fields when the SDK serializes the request.)

Using the HttpClient works since there I am able to use a class containing only the field i’m trying to unset.

the downside here is that, now i need to take care of another piece of code that makes http requests to the management API and alongside with it all other details such as retry logic, rating limit backoff logic.

Not ideal but it works.

After my project gets to production and stabilizes, i will take a carefull look at the SDK implementation and , i am able to propose something usefull on this matter i will send a PR to the repo on github.

Thank you.