Auth0 Home Blog Docs

Is it possible to add allowed web origins with the management API

management-api
web_origins
allowed-origins

#1

We are using Heroku review apps.

@matias is it possible to configure “Allowed Web Origins” for a client via the Auth0 Management API v2?


#2

A client can be created or updated with the Allowed Web Origins, from the Management API v2. To create a client, you can use the [POST /api/v2/clients] (https://auth0.com/docs/api/management/v2#!/Clients/post_clients) endpoint and to update an existing client you can use [PATCH /api/v2/clients/{id}] (https://auth0.com/docs/api/management/v2#!/Clients/patch_clients_by_id). In either case, the Allowed Web Origins field of the client is filled in using:

{
 "web_origins": 
    "https://example.com:3000"
  ]
}

#3

I am trying to set “web_origins”, and it won’t work. I have tried “allowed_web_origins” which would be a little more symmetrical with the rest of the properties and that doesn’t work either. When I set the value in the Auth0 UI (say: http://localhost:16000) and then pull the Client template down using the API, there is relevant property defined that I can set. Please could you clarify how I set this via the API.


#4

The penultimate line should have read “…there is NO relevant property that I can set”. I am using the .NET SDK Auth0.ManagementApi, Version=4.5.0.0 - and using the methods: .Clients.CreateAsync / .Clients.UpdateAsync - I can see a 200 success in Fiddler and all other properties are set correctly.


#5

The ability is allowed at the Management API level as mentioned in the reply above, however, certain SDK’s may not yet expose that ability. You may want to consider opening this as an issue or pull request in the associated repository. To my knowledge we don’t provide concrete timeline for new functionality exposed in the API to be available in all SDK’s so raising awareness or providing a PR at the SDK level may reduce the waiting time.


#6

I see the property in Fiddler, so the SDK has passed it through into the request.


#7

That seems associated with a GET request; in this situation the SDK performs a request to get all client information and the API will respond to that with what it supports. However, some of the data/fields in the response may still not have first-class support in the SDK itself.

I checked the client models (https://github.com/auth0/auth0.net/blob/master/src/Auth0.ManagementApi/Models/ClientBase.cs) / (https://github.com/auth0/auth0.net/blob/master/src/Auth0.ManagementApi/Models/ClientCreateRequest.cs) and none seem to have support for web_origins.


#8

Ah, yeah. I needed to set it in the UI to get my app working. Ok, I’ll create a PR. Thanks.


#9

@michaeldtaylor did you create a PR for this?