Management API - Scope

Hi There,

I’ve almost figured out how the Management API works. However I am running into a few issue when I submit a “User Update” API post. When I’m in the Auth0 Management API pages and make a API post under Test this endpoint" the update occurs just fine. However when I submit API post from my website I get a response of 200, but the user update does not occur. Not sure if I am submitting the scope properly.

I am using postman to test:

URL I’m posting to: {{base_url}}/users/auth0%7C6494bb02f1ac1401362d9cca


{ “scope”: “update:users”, “email”: “”, “given_name”: “Hebster”, “family_name”: “Reynolds”, “name”: “Hebster Reynolds” }


{“created_at":“2023-06-22T21:20:02.333Z”,“email”:"”,“email_verified”:true,“identities”:[{“user_id”:“6494bb02f1ac1401362d9cca”,“connection”:“dhaAuth0”,“provider”:“auth0”,“isSocial”:false}],“name”:“Heber Reynoso”,“nickname”:“heberr”,“picture”:“",“updated_at”:“2023-06-23T15:56:10.571Z”,“user_id”:“auth0|6494bb02f1ac1401362d9cca”,“family_name”:“Reynoso”,“given_name”:"Heber”}

The user data does not change. Is there some sample code on how to submit a scope?

Thanks in advanced for any guidance.

Hey there @heberr1!

What exactly are you attempting to update? The update:users scope is required by a Management API access token (associated with a m2m app) to update a user - Scopes are not directly associated with users but rather with the applications. The scopes in Auth0 represent the permissions that an application (client) can have.

When you make an authorize request, you request these scopes, and they get included in the access token if the user grants permission. This is part of the OAuth 2.0 framework, which is designed to let applications have limited access to user accounts.

I am trying to update the given_name, family_name & name of a user account. I am sending the Bearer token and I certain the update:users scope is allowed. Again right now I am testing with Postman and seem to get a status of 200 but the user account details does not change unless I submit under the Auth0 Management documentation page.

Any other suggestions?

Thank you

1 Like

Thanks for clarifying!

I’ve gone through the exact same process and used a body of the following in Postman:

   "family_name": "Test",
    "given_name": "Test",
    "name": ""

The user profile is updated and reflect in a GET to /api/v2/users/user_id as well as in the user profile in my dashboard.

Still will not update the basic details. Do API calls work with a free Auth0 account? Not sure what I am doing wrong.

Hey @heberr1 thanks for the screenshot!

Do you mind sharing the PATCH code from Postman (remove access token)? You can grab it by clicking the </> icon in the upper left corner. Here is mine for example:

curl --location --request PATCH '|622bc0a00699ee0f0' \
--header 'Authorization: Bearer XXX' \
--header 'Content-Type: application/json' \
--header 'Cookie: did=XXX' \
--data-raw '{
   "family_name": "test",
    "given_name": "test",
    "name": ""

And just to be sure - You are running this as a PATCH prior to the GET shown in the screenshot?

I guess I am not using “Patch”.

curl --location --request GET ‘|6494bb02f1ac1401362d9cca
–header ‘Content-Type: text/plain’
–header ‘Authorization: Bearer XXX’
–data '{ “given_name”: “Hebster”, “family_name”: “Reynolds”, “name”: “Hebster Reynolds” }

Would I add “PATCH” as a header variable?

Hey @heberr1, thanks for confirming! If using Postman, you’ll just need to switch the request to PATCH - See screenshot below:

That worked, Thank you so much for your help.

That’s great news :rocket: Happy to help!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.