Patch user data/ Gain management access_token

giovanni.bergamotti · March 30, 2022, 9:48am

Hello everyone,
I’ve been trying to patch users through the api:
/api/v2/users/{id}
However I get a response with content:
error message: You cannot update the following fields
error: insufficient_scope
After a bit of research (and i mean a lot) I figured out that the token that i was supposed to send to that API is a management token, therefore I created a machine to machine app utilizing the Auth0 Management API (and yes I’ve checked the box for authorize) and followed the code snipped provided by auth0 on the quickstart of the app:

var client = new RestClient(“https://dev-glx966xm.us.auth0.com/oauth/token”);
var request = new RestRequest(Method.POST);
request.AddHeader(“content-type”, “application/json”);
request.AddParameter(“application/json”, "{"client_id":"client_id","client_secret":"client_secret","audience":"https://dev-glx966xm.us.auth0.com/api/v2/\“,\“grant_type\”:\“client_credentials\”}”, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);

Im sure the client id and client secret are correct, however this request returns the following response:
“error”: “access_denied”,
“error_description”: “Unauthorized”

Does anyone have any idea of what could be the problem that prevents me from receiving the management access_token?

rueben.tiow · March 30, 2022, 6:08pm

Hi @giovanni.bergamotti,

Welcome to the Auth0 Community!

I understand you encountered issues when updating users with the Management API, specifically with the insuffiecient_scope error.

This happens whenever the Access Token you request for the Management API does not have the required scopes to update users.

To address this, first, verify the scopes in your current Access Token in jwt.io. If you find that the required scopes are missing, then navigate to your Auth0 Dashboard > Applications > YOUR M2M App and click on the APIs tab.

On there click on the Management API and make sure that you have the required scopes checked. I suggest checking all the scopes unless there is a reason to limit access.

Once that’s complete, you will be able to get access tokens to update users with the Management API.

Alternatively, you can use the built-in API Explorer Application to accomplish the same results. To do so, navigate to your Auth0 Dashboard > Applications > API > Auth0 Management API and click on the Test tab.

On there you can find a code snippet that implements the client credentials grant to get an access token for the Management API. Similarly for your other M2M applications. See below.

Hoped this helps!

Please let me know if you have any further questions.

Thank you.

Topic		Replies	Views
Update user email with API gives insufficient_scope Help management-api , scopes , email , update-profile	4	6356	March 2, 2018
Auth0 permissions error: read:user_idp_tokens Help auth0	2	1789	December 22, 2022
Unable to update user's information Help management-api , users	5	1613	June 8, 2023
Forbidden: Insufficient scope, expected one of: read:users AND read:roles, OR read:role_members Help auth0 , api , rules , management-api , access-token	4	5612	July 28, 2022
Minimum scopes for the Auth0 Management API Help	3	3288	December 23, 2021

Patch user data/ Gain management access_token

Related Topics