How to remove restricted value in app_metadata?

We have been adding a restricted key (user_id) to the app_metadata. I want to stop doing this, but I can’t seem to edit the metadata from the dashboard for existing users.

The error is:

Error!Payload validation error: ‘Invalid property app_metadata.user_id’

Is there any way I can fix existing app_metadata? I would rather do this manually via the dashboard rather than figure out how to do so via the REST API, as we only have a small number of developers with accounts right now.

1 Like

Hi @richard.matsunaga

Welcome to the Auth0 Community!

You should be able to edit any app_metadata property. It sounds like this may be a UI bug or an issue with what you are trying to update. Could you please post a sample of the existing properties and what you are trying to replace them with? Please exclude/obscure any sensitive info.


  "tenant_id": "zOXyAmg23gbF3dxpR6nP6"


  "user_id": "v_DlVTlCkxySBGzO2TnQA"

I want to do 2 things, move the tenant_id to app_metadata where it belongs and rename or remove the user_id that we have generated that is a restricted key and appears to override the auth0-generated user_id.

We have an action flow step on login that adds these 2 values to the access token. Could that be preventing edits here?

I think I see what is happening.

  • The user_id field isn’t allowed in app_metadata (more on that here).
  • You were able to find a workaround to set it (I’m going to file a bug report for this)
  • The Dashboard UI tries to clear it out by setting "user_id":null, which isn’t allowed.

I was able to clear it out by making an API call (I know you were trying to avoid this, sorry!).

The good news: You can use our management API explorer to do this fairly easily.

Using the Management API Explorer Update a User endpoint, you can send a request without much code. All you need is a valid token, the user_id (not the one in app_metadata :smile:) from the dashboard, and this body {"app_metadata":{}} to clear the user’s app_metadata.

Like this:

Let me know if you have any questions!

Wanted to add that we were also able to set a restricted field in app_metadata. We did it via a custom database action script.

1 Like