Hello,
I’m developing a React app (single page app) in which a user has the option of updating its email/password/profile picture. The user makes the request via a form which is later sent to my backend via an API call alongside the access token, so it can be processed. The problem is that when I retrieve the access token in the frontend, the scopes I have selected (openid profile email update:users create:users delete:users create:current_user_metadata update:current_user_metadata read:current_user update:current_user_metadata) aren’t there, only “openid profile email create:current_user_metadata update:current_user_metadata read:current_user” are returned. When I call the auth0 management API with
await fetch('https://{tenant_name}.eu.auth0.com/api/v2/users/' + user_id, { method: 'PATCH', headers: {authorization: token, 'content-type': 'application/json'}, data: {"connection": "Username-Password-Authentication"}, body: JSON.stringify({email: new_email}) }).then( response => response.json() ).then( success => res.status(200).send({message: "Email has been changed!"}) ).catch( error => res.status(500).send(error) );
I get an error message saying I need update:user scope.
I have two apps in my Auth0 dashboard, my main Single Page App for the React app and a machine-to-machine app that has the permissions I need from the management API. I’ve tried using the machine-to-machine’s client ID but, obviously. Is there something I’m missing that doesn’t allow me to get the scopes I need?
Thank you beforehand!