
Modify user_metadata with access token

user_metadata

#1

I’ve been looking for an answer but I haven’t found one.
Is there a way that I can modify the data in user_metadata after I did a normal login?
What I mean is: can I allow the user that has just logged in using the normal OAuth flow to call an endpoint to modify the data? If yes, what’s the endpoint or SDK API to do so?

I read that the user can modify user_metadata and only read app_metadata, but I cannot find an example of how to do so.

I know I can modify the data using the token specific to the Management API with the right scope, but I’m not able to log in with the scope to change it from a normal client, and I’d like to avoid having to create an API layer just to receive the request from the user and then modify the user with the admin Management API.


#2

You can get a Management API access token, that is, a token that has an audience similar to this one https://YOUR_TENANT.REGION.auth0.com/api/v2/ that has a set of scopes that allows it to perform certain actions on the user that has logged in without having to create an extra API layer. The scopes that you can access this way are the following:

read:current_user
update:current_user_identities
create:current_user_metadata
update:current_user_metadata
delete:current_user_metadata
create:current_user_device_credentials
delete:current_user_device_credentials

If you want to update the user’s metadata, you would use this scope update:current_user_metadata. You would then call the corresponding Management API endpoint with that token.

Please take into consideration that the user will receive a consent dialog if you are using localhost or if your Management API doesn’t have the “Allow Skipping User Consent” switch turned on.

You can find more information about this in this document.
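The call described in the answer above, as an added example that is not part of the original thread or Auth0's own code: it builds the `PATCH /api/v2/users/{id}` request for the logged-in user from an access token carrying `update:current_user_metadata`. The tenant domain is the placeholder from the answer, the function names are hypothetical, and it assumes the access token is a JWT whose `sub` claim is the user's id.

```javascript
// Added example. TENANT_DOMAIN is a placeholder; function names are hypothetical.
const TENANT_DOMAIN = "YOUR_TENANT.REGION.auth0.com";

// Decode (NOT verify) the JWT payload. This is a client-side sanity check only;
// the Management API validates the signature and enforces the scope itself.
function decodeClaims(accessToken) {
  const parts = accessToken.split(".");
  if (parts.length !== 3) throw new Error("access token is not a JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64));
}

// Build the PATCH /api/v2/users/{id} request for the logged-in user.
function buildMetadataUpdate(accessToken, userMetadata) {
  const claims = decodeClaims(accessToken);
  const audiences = [].concat(claims.aud || []); // aud may be a string or an array
  if (!audiences.includes(`https://${TENANT_DOMAIN}/api/v2/`)) {
    throw new Error("token audience is not the Management API");
  }
  const scopes = (claims.scope || "").split(" ");
  if (!scopes.includes("update:current_user_metadata")) {
    throw new Error("token lacks update:current_user_metadata");
  }
  return {
    // Ids such as "auth0|abc123" contain "|" and must be URL-encoded.
    url: `https://${TENANT_DOMAIN}/api/v2/users/${encodeURIComponent(claims.sub)}`,
    init: {
      method: "PATCH",
      headers: {
        Authorization: `Bearer ${accessToken}`,
        "Content-Type": "application/json",
      },
      // Send user_metadata only; this scope does not cover app_metadata.
      body: JSON.stringify({ user_metadata: userMetadata }),
    },
  };
}

// Perform the update with fetch (browser or Node 18+).
async function updateMyMetadata(accessToken, userMetadata) {
  const { url, init } = buildMetadataUpdate(accessToken, userMetadata);
  const res = await fetch(url, init);
  if (!res.ok) throw new Error(`Management API returned ${res.status}`);
  return res.json();
}
```

The top-level keys passed as `userMetadata` are merged into the stored `user_metadata`, so send only the keys you intend to change.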