Hello,
We are facing a scenario where a user would login / sign in with the Facebook social auth, but the when the user created his FB account, he did it with his phone number instead of his email.
Thus there wouldn’t be an email for the user, but our app needs one.
What we are doing at the moment is:
the user sign in, if social is facebook then we show a page asking for the user to enter an email address.
Nonetheless even after trying many ways of doing it, on my side or on the docs/api/management I’m always facing the error:
{“statusCode”:400,“error”:“Bad Request”,“message”:“Cannot update email for this user”,“errorCode”:“operation_not_supported”}
Thus I’m wondering, is it because of the FB connexion or because we didn’t configure the fb app correctly?
Many thanks!
1 Like
Hello,
More details would be helpful. Without seeing the code that creates the error it is hard to identify what is going on.
One possibility: if you are connecting to the management API via user credentials (as opposed to machine-to-machine/client credentials), you do not have permissions to update other users’ info.
John
Hello John,
Thank you for your answer.
The basic test is to use the Auth0 Management API - API Explorer and try to do it with the Token generated within the API Explorer, but no success.
On Parameters we put the user ID: facebook|101220414140
and the body is very succinct:
the new email to patch, the connection being “facebook” and client_id that has been pre filled (I’ve tried the one from the app, the one from the management API etc)
I’ve tried to create a machine-to-machine application (with all scopes available) for the test, and use the client_id from it but same 400 error
Hi Emotech,
I did some testing - I’m pretty sure you cannot do exactly what you are trying. The e-mail address belongs to Facebook, not to Auth0, so you are unable to change it (it would require Auth0 making an API call to Facebook to change the e-mail address, which is a very bad thing).
Depending on your use case, you should be able to find a way to do what you want. You have both user and app metadata for your facebook users, where you can store additional info. This is not completely ideal, as storing the e-mail here would make it possible to get out of sync with the facebook e-mail. But it is a possibility.
Take a look at your use case, make sure you really want to change the e-mail (knowing that you cannot change the e-mail address of the user’s facebook account), and if so, you can use the metadata.
John
1 Like
Hi John,
Thanks a lot for your reactivity.
Yes the problem is that we’ll face this use case only for users whom have registered with their mobile phone.
Thus they don’t have an email when sign-in our app.
I think we’ll use the metadata then.
Many thanks!