Auth0 Home Blog Docs

Is it possible to update user_metadata with the Authentication API?


#1

According to the documentation it is possible to set user_metadata during signup (POST) and read it again (GET) with the Authentication API. However, no information exists to update the information post-registration (PATCH) .

Do I miss something? I need this basic functionality to let users update their profile themselves.

I asked this question before, but it remained unanswered and I haven’t been able to solve this issue.


#2

You want the Management API.


#3

Thanks for your response.
I would prefer to do this with the Authentication API, but can I conclude that this won’t be possible?

The Management API does work indeed, but I don’t see how users would be able to update user_metadata from within the client app with this API.

I can only image that this would be possible to add a rule and send the user to a page where they can update their profile, and call the Management API. However, this affects the UX flow and I would expect that this can be avoided with the Authentication API. Or am I wrong?


#4

Hey there @Taco.

As @markd said the thing you need to use is Management API. It’s not possible to do it with Authentication API as its name tells it’s totally for different purposes. You can check both API explorers and endpoints they offer here:


#5

That’s unfortunate to hear, but at least it’s clear.
Since I do not own the back-end server myself I am not able to perform these administrative tasks with the Management API. Although I managed to perform these tasks on a client, I do not want to store the management API token on the client of course.

In fact, lack of backend access was one of the reasons to switch to Auth0… Or are there options to perform these tasks with an Auth0 tenant directly and using the API?


#6

Hello @Taco,

Can you provide more details on your use case? It’s not quite clear to me what you are trying to achieve.

Metadata is stored in Auth0, and an authenticated user can edit their own user_metadata if you provide them a means to do so. If your app provides, say, a mailing address field, and you are storing that data in user_metadata, then the user has the privileges needed to save that data.


#7

Hello @markd ,

my use case involves the possibility to store the date of the last session, but also to allow a user to change his or her name and/or e-mail address from within the appropriate fields in my iOS app.

What I meant with my comment is that although I succeed to do this through the Management API, I don’t want to store a Management API token on the client app. For example, in my App I am able to perform the following task in Swift equivalent:

curl https://mytenant.eu.auth0.com/api/v2/users/facebook%111111111111111 \
	-X PATCH \
	-H 'Authorization: Bearer MANAGEMENTTOKEN' \
	-H 'Content-Type: application/json' \
	-d '{
  "user_metadata" : {
    "name" : "newname"
  } }'

but this request requires the management token and should ideally be performed on a server. Unfortunately, I am not able to implement such a flow since I don’t have one under my control.

So, your last remark is interesting. However, I am a little bit confused since I understood from @ konrad.sopala that this is not possible with the Authentication API. E.g. the following does not work indeed:

curl https://TENANT.eu.auth0.com/userinfo \
-X PATCH \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer ACCESSTOKEN' \
-d '{ "NAMESPACEuser_metadata" : { "name" : "NEWNAME" } }'

where namespace is defined using a rule.

I would really appreciate to know what endpoint I should use from the Management API to patch user_metadata from within my iOS app and with just an access token available.

Thanks again!