The mgmt api docs state that app_metadata will be merged with a user update however, it seems that is not always the case if the update happens immediately after create in some situations. Auth0 Management API v2
I’m sure a simpler repro exists but I’m not set up to create one, so I’ve ripped out some of the relevant code from my app and posted it here in a gist with some comments: app_metadata is replaced, and not merged · GitHub
Pre-req: custom db with scripts that set app_metadata on create, login, get_user, etc.
(Docs on db scripts are lacking so I’m not entirely sure where the correct spot is to inject app_metadata so I set app_metadata everywhere – always to the same value.)
Using that gist a reference, the short of what’s happening is:
-
[Works] Create a new auth0 user with authentication api: app_metadata is replaced, and not merged · GitHub
-
[Works] Auth0 calls the custom db scripts which adds some initial app_metadata
-
[Works] Poll the mgmt api for consistency (i only added this when this problem arose. ideally it’d be unnecessary): app_metadata is replaced, and not merged · GitHub
-
[Doesn’t work] This creates a new identity for the user and is supposed to add a new property in app_metadata (however it ends up replacing it): app_metadata is replaced, and not merged · GitHub
After 4 runs, the app_metadata value REPLACES user.app_metadata – and does not merge. e.g.:
Before #4 user.app_metadata is: app_metadata: { set_in_db_script: 'hello from db' }
4 does PATCH to: app_metadata: { set_elsewhere: 'world' }
Expected result: app_metadata: { set_in_db_script: 'hello from db', set_elsewhere: 'world' }
Actual result: app_metadata: { set_elsewhere: 'world' }