
How to allow the end-user to update their own profile information?

profile
userinfo

#1

I want to give the user the option to edit his own profile information in his profile page (within the client application).

I’m using Node.js and Handlebars; what’s the correct approach to implement?


#2

Well, it depends… Auth0 supports multiple types of authentication methods (aka connections) and in some of those the user authenticates with an external identity provider that may provide profile information as the result of the authentication process. In this scenario (think Google social authentication) the profile information is available/readable at Auth0, but owned by Google so the user would need to update it through Google directly.

If you’re using a traditional username/email and password credentials or other connections completely managed by Auth0 then you’ll have the ability to manage the user record (for supported fields) through the Management API user-related endpoints.

Additionally, independently of the method of authentication you can store additional metadata (user_metadata and app_metadata) associated to each user account. This information is stored at Auth0 and can be managed even for social users and the way to do it is also through the Management API endpoints.

Finally, if you want to allow the end-users themselves to edit this information, then you should store this information at the user_metadata level because it clearly reflects this is user managed information.

For Node.js there is a library that simplifies the process of performing calls to the Management API endpoints. Your application would need to do the following high-level steps:

  1. Authenticate the user and establish some sort of mechanism that allows it to know which user is currently authenticated
  2. Expose a view and endpoint that when called will allow the user to edit its associated profile and/or user metadata; this endpoint should ensure that the user can only edit their own profile and not the profile from other users.
  3. Call the Management API from the endpoint mentioned before in order to actually update the information; see the following documentation for how to obtain access tokens valid for calling the Management API (https://auth0.com/docs/api/management/v2/tokens).

To my knowledge there is no sample code specific for the Node.js with Handlebars combination, but the Management API is just an HTTP API so there is nothing specific here that would not be covered by general sample code that uses Node.js, Handlebars against HTTP APIs.
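A sketch of steps 2 and 3 from the answer above, added here as an example and not taken from the post or from Auth0's own samples. It assumes the login step left the Auth0 user id in a server-side session as `sessionUser.sub` and that the runtime is Node 18+ (global `fetch`); the editable field names and the function names are hypothetical.

```javascript
// Hypothetical allow-list: user_metadata fields the end user may edit, with max lengths.
const ALLOWED_FIELDS = { nickname: 50, phone: 30, bio: 500 };

// Build the Management API request for the *authenticated* user only.
// sessionUser: from the server-side session set at login (step 1).
// form: the untrusted request body posted from the profile page (step 2).
function buildProfileUpdate(sessionUser, form, domain, mgmtToken) {
  if (!sessionUser || typeof sessionUser.sub !== 'string') {
    throw new Error('not authenticated');
  }
  const submitted = form || {};
  const user_metadata = {};
  for (const [field, maxLen] of Object.entries(ALLOWED_FIELDS)) {
    const value = submitted[field];
    // Anything not on the allow-list, not a string, or too long is dropped.
    if (typeof value === 'string' && value.length <= maxLen) {
      user_metadata[field] = value.trim();
    }
  }
  if (Object.keys(user_metadata).length === 0) {
    throw new Error('no editable fields supplied');
  }
  return {
    // The id in the URL comes from the session, never from the form or a route parameter.
    url: `https://${domain}/api/v2/users/${encodeURIComponent(sessionUser.sub)}`,
    options: {
      method: 'PATCH',
      headers: {
        authorization: `Bearer ${mgmtToken}`,
        'content-type': 'application/json',
      },
      // Only user_metadata is sent, so app_metadata and root attributes are untouched.
      body: JSON.stringify({ user_metadata }),
    },
  };
}

// Step 3: send the request to the Management API.
async function updateOwnProfile(sessionUser, form, domain, mgmtToken) {
  const { url, options } = buildProfileUpdate(sessionUser, form, domain, mgmtToken);
  const res = await fetch(url, options);
  if (!res.ok) throw new Error(`Management API returned ${res.status}`);
  return res.json();
}
```

The Management API token stays on the server; the Handlebars view only posts the form fields to your own endpoint.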


#3