Hi,
I want my backend which uses the management API to be permitted to read only the users’ information without the users’ app metadata.
I created an M2M app and defined the permissions for the Auth0 management API only to read:users without the read:users_app_metadata permission.
But with this permission, I was still able to read the whole user data including the user’s app metadata.
Is there a way to limit the permissions to be able to read users without the app metadata?
Alternatively, if I define only the read:users_app_metadata permission, which endpoint do I use to retrieve only the user’s app metadata? This permission is not sufficient to call the get_users endpoint, so which endpoint is this permission good for?