Context: this post is in relation to the PATCH: User endpoint
Scenario: The user would like to update the Email and Phone Number on their account.
Given the following user (regular Username-Password-Authentication) with several identities (linked passwordless sms and email):

```json
{
  ...
  "email": "test@example.com",
  "email_verified": false,
  "identities": [
    {
      "user_id": "63f2c846a92d45e16d7c9c48",
      "provider": "auth0",
      "connection": "Username-Password-Authentication",
      "isSocial": false
    },
    {
      "profileData": {
        "phone_number": "+61499999999",
        "phone_verified": false,
        "name": "+61499999999"
      },
      "user_id": "63f2cb8e262b779598ba5d94",
      "provider": "sms",
      "connection": "sms",
      "isSocial": false
    },
    {
      "profileData": {
        "email": "test@example.com",
        "email_verified": false
      },
      "user_id": "63f2ccc3262b779598ddc1ef",
      "provider": "email",
      "connection": "email",
      "isSocial": false
    }
  ]
  ...
}
```
This can be achieved by making an API call using the following guide: How do you update details of secondary linked accounts? - #5 by konrad.sopala
There is a limitation, however, on what information can actually be updated, which seems to be undocumented.
Given the following request:
```bash
curl --location --request PATCH 'https://{DOMAIN}/api/v2/users/{PRIMARY_IDENTITY_ID}' \
  --header 'Authorization: Bearer ' \
  --header 'Content-Type: application/json' \
  --data-raw '{
    "phone_number": "{NEW_PHONE_NUMBER}",
    "name": "{THIS_IS_A_TEST}",
    "connection": "sms"
  }'
```
This will actually result in the following error:
```json
{"statusCode":400,"error":"Bad Request","message":"The following user attributes cannot be updated: name. The specified connection (sms) belongs to a secondary identity.","errorCode":"operation_not_supported"}
```

Omitting the name parameter, as the error suggests, yields a successful response but the data will look like the following:

```
...
"profileData": {
  "phone_number": "{NEW_PHONE_NUMBER}",
  "phone_verified": false,
  "name": "+61499999999" <--- what is the point of this?
},
...
```
Here are my questions:
- What is the reason the name field is retained? When linking a “Username-Password-Authentication” account with an sms connection, why is this field here when it can’t be changed?
- During the linking process, can this field be nullified so it doesn’t exist and I won’t need to worry about it?
- Can we get a comprehensive list of attributes which can be modified on a linked secondary account?
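
Added example, not part of the original post and not Auth0's own code: a Python helper that reads the `operation_not_supported` response quoted above and drops the attributes it names from the PATCH body before a retry. It assumes several rejected attributes would be comma-separated in the message (the post shows only one); the function names and the sample phone number are hypothetical.

```python
import json
import re

# Constructed sample: the 400 body exactly as quoted in the post.
SAMPLE_ERROR = (
    '{"statusCode":400,"error":"Bad Request","message":"The following user '
    'attributes cannot be updated: name. The specified connection (sms) belongs '
    'to a secondary identity.","errorCode":"operation_not_supported"}'
)

# Assumption: rejected attributes appear as a comma-separated list ending in ".".
_REJECTED = re.compile(r"cannot be updated: (?P<attrs>[^.]+)\.")
_CONNECTION = re.compile(r"specified connection \((?P<conn>[^)]+)\)")


def parse_rejection(body):
    """Return (rejected_attrs, connection) for this error shape, else None."""
    err = json.loads(body)
    if err.get("statusCode") != 400 or err.get("errorCode") != "operation_not_supported":
        return None
    message = err.get("message", "")
    match = _REJECTED.search(message)
    if not match:
        return None
    attrs = [a.strip() for a in match.group("attrs").split(",") if a.strip()]
    conn = _CONNECTION.search(message)
    return attrs, (conn.group("conn") if conn else None)


def retry_payload(payload, body):
    """Copy payload without the rejected attributes; None if nothing is left to update."""
    parsed = parse_rejection(body)
    if parsed is None:
        return None
    rejected, _ = parsed
    cleaned = {k: v for k, v in payload.items() if k not in rejected}
    # "connection" only selects the secondary identity; alone it updates nothing.
    if set(cleaned) <= {"connection"}:
        return None
    return cleaned


if __name__ == "__main__":
    # Constructed request body mirroring the one in the post.
    body = {"phone_number": "+61400000000", "name": "THIS_IS_A_TEST", "connection": "sms"}
    print(parse_rejection(SAMPLE_ERROR))
    print(retry_payload(body, SAMPLE_ERROR))
```

Matching on the message text is brittle, so treat a `None` result as "surface the original error" rather than retrying blindly.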