Impossible to update E-mail and Password

I’m trying to update the user profile, email, password, and metadata.

The idea is to give the user the option to change in our app their profile data, such email, password and some user metadata.

Update the metadata, is OK. But, email and password are impossible. Tried a thousand of ways.

1. I get the Access Token

     const accessToken = await getAccessTokenSilently({
        audience,
        scope:
          "profile user_metadata update:current_user update:current_user_metadata update:current_user_identities",
      });
   

2. Send the Patch

if (isAuthenticated) {
const users = ${audience}users;
const userId = user.sub;

    Axios.patch(
      `${users}/${userId}`,
      {
        user_metadata: {
          first_name: "First",
          last_name: "Last",
        },
        email: "test@test.com",
        password: "teste"
      },
      {
        headers: {
          Authorization: `Bearer ${accessToken}`,
        },
      }
    ).then((response) => {
      console.log("RESPONSE", response);
    });
  }

3. No way, I tried different of scopes. All I got is:

{"statusCode":403,"error":"Forbidden","message":"You cannot update the following fields: password","errorCode":"insufficient_scope"}

0. Our login page has the following scopes:

   <Auth0Provider
   domain={config.domain}
   clientId={config.clientId}
   audience={config.audience}
   redirectUri={${window.location.origin}/cvm}
   onRedirectCallback={onRedirectCallback}
   scope=“profile user_metadata update:current_user update:current_user_metadata update:current_user_identities”
   useRefreshTokens={true}
   >

I need help, please. It shouldn’t be too difficult.

I got it!

When using SPA (such as React), the scopes are limited .

Now, I’ll create and end-point in our API exclusively to change that information.

Glad you have it eventually figured out!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.