This will be relatively simple to some, but is quite tricky in my current state of learning web dev.
I am still trying to get used to Auth0 and working with the Management API in Python. Moreover, I am working in Flask. I can’t seem to come right with a simple update of a user’s profile, specifically “name”. I am struggling to find the right documentation as well, and may be missing some logic working with the API.
My current flow is as follows: (as of snippet 1 below) whilst authorizing at login, a request is made for an access token to use the management API. The token is stored in a user’s session. (as of snippet 2 below) In an “account information” front-end template, a user requests to change their account “name” field. This is where the error occurs: a response 401 is thrown, with the debugger stating something along the lines of “the machine actively refused it”.
I am more of a fan of SDKs than APIs, but as I said I cannot find documentation or examples anywhere re this. If you have an example with an SDK I will not mind using that.
Snippet 1 (in the login callback)
```python
import http.client
import json

resp = auth0.get('userinfo')
userinfo = resp.json()

# management API access token
conn = http.client.HTTPSConnection("customdomain.eu.auth0.com")
payload = "{\"client_id\":\"secret_client_id_1234\",\"client_secret\":\"secret_oh_so_secret_abc123\",\"audience\":\"https://customdomain.eu.auth0.com/api/v2/\",\"grant_type\":\"client_credentials\"}"
headers = {'content-type': "application/json"}
conn.request("POST", "/oauth/token", payload, headers)
res = conn.getresponse()
data = res.read()
data = data.decode("utf-8")
data = json.loads(data)

# Store the user information in flask session.
session['jwt_payload'] = userinfo
session['profile'] = {
    'user_id': userinfo['sub'],
    'name': userinfo['name'],
    'email': userinfo['email'],
    'management_access_token': data['access_token'],  # store management access token here
}
return redirect('/login_success_page')
```
Snippet 2 (in an “account” route and template)
```python
profile = session['profile']
if request.method == "POST":
    if 'updateaccountname' in request.form:
        name = request.form['accname']
        headers = {
            'Content-Type': 'application/json',
            'authorization': "Bearer {MNGMNT_ACCESS_TOKEN}".format(
                MNGMNT_ACCESS_TOKEN=profile['management_access_token']),
        }
        # name change here, formatting accordingly to the form in the front-end,
        # but keeping "John Doe" for testing purposes
        data = '{"name":"John Doe"}'
        patch_url = "https://login.auth0.com/api/v2/users/{user_id}".format(user_id=profile["user_id"])
        res = requests.patch(patch_url, headers=headers, data=data)
        print(res)  # returns error 401
return render_template('user-account.html', userinfo=session['profile'])
```
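
An added example, not part of the original post and not Auth0's own code: the same two calls built server-side, with the Management API token cached in process memory rather than in `session` (Flask's default session is a signed cookie the browser can read) and the PATCH addressed to the tenant host named in the token's audience. `ManagementTokenCache`, `token_request` and `rename_request` are hypothetical names; the requests are only constructed here, to be sent with `urllib.request.urlopen` or an equivalent client, and the application is assumed to have been granted `update:users`.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumed placeholder: the tenant domain from the post. Credentials come from
# server-side configuration, never from the user's session.
TENANT_DOMAIN = "customdomain.eu.auth0.com"


class ManagementTokenCache:
    """Holds the Management API token in server memory, not in the session."""

    def __init__(self, fetch, clock=time.time):
        self._fetch = fetch      # callable returning the /oauth/token JSON as a dict
        self._clock = clock
        self._token = None
        self._expires_at = 0.0

    def get(self):
        # Refresh 60 s early so a request never goes out with a stale token.
        if self._token is None or self._clock() >= self._expires_at - 60:
            body = self._fetch()
            self._token = body["access_token"]
            self._expires_at = self._clock() + body.get("expires_in", 0)
        return self._token


def token_request(client_id, client_secret, domain=TENANT_DOMAIN):
    """Build the client-credentials request; json.dumps does the escaping."""
    payload = {"client_id": client_id, "client_secret": client_secret,
               "audience": f"https://{domain}/api/v2/",
               "grant_type": "client_credentials"}
    return urllib.request.Request(
        f"https://{domain}/oauth/token", data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"}, method="POST")


def rename_request(user_id, new_name, token, domain=TENANT_DOMAIN):
    """Build PATCH /api/v2/users/{id} on the host named in the token audience."""
    # Auth0 user ids contain '|' (e.g. "auth0|abc"), so percent-encode them.
    path_id = urllib.parse.quote(user_id, safe="")
    return urllib.request.Request(
        f"https://{domain}/api/v2/users/{path_id}",
        data=json.dumps({"name": new_name}).encode(),
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"}, method="PATCH")
```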