First post here - simple problem but I can’t seem to find where I am at fault. All I’m trying to use is the update user API, simple right? And what’s more I have it working on a project for work, but I can’t seem to find out what’s wrong with a hobby project at home.
So what I’d like to confirm is a basic checklist on setting this up.
I’m calling the URL:
PATCH: https://[tenant].au.auth0.com/api/v2/users/auth0%7Cvhaasdfikljkasdfasfd%3Bl… Note that while this is not a real user_id, I am urlencode-ing the user in the request.
On this tenant, I have one application, the CLIENT_ID and CLIENT_SECRET of which that I’m using to get the authentication token.
This application is authorized in the Management API, which has full permissions.
The end result - I’m bizarrely getting a 404. Can someone tell me what I might have missed?
In order for you to call management api, you first need to make sure you have a machine to machine application and it has been authorized to call Auth0 management API. After that depending on what endpoint you are calling, you must also give the appropriate permission/scope to the M2M application while authorizing it. In your case it would be update:users scope.
Final piece of the puzzle is to get a access token to call Auth0 management API using client credentials grant (not code grant). Please refer to this doc for more detailed step by step instruction to get this working https://auth0.com/docs/api/management/v2/tokens
It is possible I might be misunderstanding your situation. If so please can you explain your flow bit more in detail?
The main clarity you gave me is that the application ID/Secret had to be that of a Machine-to-Machine, but besides that, I had a few bugs in the custom HTTP class I had built to curl the requests, was incorrectly setting the verb from PATCH to POST when it wasn’t supposed to.