Patching user_metadata using the Authentication API results in a 404 statuscode

I am struggling for already some time with updating user_metadata using the Authentication API (via endpoint

Creating a new user with user_metadata or reading the metadata works well, but when I try to patch this information I receive a statuscode 404.

What I did was creating a rule to include user_metadata and making a PATCH request to the userinfo endpoint of the Authentication API. Or in terms of a CURL command:

curl \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ABCD' \
	-d '{ "NAMESPACEuser_metadata" : { "name" : "NEWNAME" } }'

The rule was created as:

function (user, context, callback) {
  const namespace = 'UNIQUE NAMESPACE';
  context.idToken[namespace + 'user_metadata'] = user.user_metadata;
  callback(null, user, context);

However this results in

Status Code: 404, Headers {
     "Access-Control-Allow-Origin" =     (
     "Cache-Control" =     (
         "private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
     "Content-Encoding" =     (
     "Content-Type" =     (
         "text/html; charset=utf-8"
     Date =     (
         "Thu, 11 Oct 2018 08:51:40 GMT"
     Vary =     (
     "access-control-allow-credentials" =     (
     "content-security-policy" =     (
         "default-src 'self'"
     "x-auth0-requestid" =     (
     "x-content-type-options" =     (

With the management API I have no problems updating user_metadata . Why seems this not possible with the Authentication API (at least there seems no documentation available) so that the users can update the information themselves?

Any help would be appreciated.

Would still appreciate any help. Is there any staff that can help me out here?


Same problem here.

It feels almost silly, but there is a sign-up and a get API-call but no call to let the user update its information.
There must be some option for that? Anyone knows further?


You can use the Management API to patch current user metadata.

Note: The token must have the update:current_user_metadata scope.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.