Hello.
I am looking for a way to safely update a list field that exists in app_metadata.
Specifically, let’s assume we have the following app_metadata
type AppMetadata = {
roles: string[];
};
The contents of roles will be replaced, so for example, to add ‘roleA’, the process would look like this
- Get
app_metadata.roles
with “Get a user API” - Add
roleA
toapp_metadata.roles
obtained above. - Update
app_meatdata.roles
with “Update a user API”.
However, this method causes TOCTOU problem because there is a time lag between acquisition and update.
To resolve this, I tried looking up keywords such as If-Match/If-Modified-Since/Atomic/Lock, but could not find any useful information.
So if there is a way to avoid the above TOCTOU in Auth0’s Management API, I would appreciate it if you could let me know.