Python Management API - help with updating user information

Hi,

This will be relatively simple to some, but is quite tricky in my current state of learning web dev.

I am still trying to get used to Auth0 and working with the Management API in Python. Moreover, I am working in Flask. I can’t seem to come right with a simple update of a user’s profile, specifically “name”. I am struggling to find the right documentation as well, and may be missing some logic working with the API.

My current flow is as follows: (as of snippet 1 below) whilst authorizing at login, a request is made for an access token to use the management API. The token is stored in a user’s session. (as of snippet 2 below) In an “account information” front-end template, a user requests to change their account “name” field. This is where the error occurs, a response 401 is thrown with debugger stating something along the lines of “the machine actively refused it”.

I am more of a fan of SDKs than APIs, but as I said I cannot find documentation or examples anywhere re this. If you have an example with an SDK I will not mind using that.

Snippet 1 (in the login callback)
auth0.authorize_access_token()
resp = auth0.get('userinfo')
userinfo = resp.json()

#management API access token
conn = http.client.HTTPSConnection("customdomain.eu.auth0.com")

payload = "{\"client_id\":\"secret_client_id_1234\",\"client_secret\":\"secret_oh_so_secret_abc123\",\"audience\":\"https://customdomain.eu.auth0.com/api/v2/\",\"grant_type\":\"client_credentials\"}"

headers = { 'content-type': "application/json" }

conn.request("POST", "/oauth/token", payload, headers)

res = conn.getresponse()
data = res.read()
data = data.decode("utf-8")
data = json.loads(data)

# Store the user information in flask session.
session['jwt_payload'] = userinfo
session['profile'] = {
    'user_id': userinfo['sub'],
    'name': userinfo['name'],
    'email': userinfo['email'],
    'management_access_token': data['access_token']  #store management access token here
}
return redirect('/login_success_page')

Snippet 2 (in an “account” route and template)

profile = session['profile']

if request.method =="POST":

    if 'updateaccountname' in request.form:

        name = request.form['accname']

        headers = { 'Content-Type': 'application/json', 'authorization': "Bearer {MNGMNT_ACCESS_TOKEN}".format(MNGMNT_ACCESS_TOKEN = profile['management_access_token'])}

        data = '{"name":"John Doe"}' #name change here, formatting accordingly to the form in the front-end, but keeping "John Doe" for testing purposes

        patch_url = "https://login.auth0.com/api/v2/users/{user_id}".format(user_id = profile["user_id"])

        res = requests.patch(patch_url, headers=headers, data=data)
        print(res) #returns error 401
        

return render_template('user-account.html', userinfo=session['profile'])

Hi @kyle-walden ,

Welcome to Auth0 Community!

To identify what’s going on,

  1. Check you are setting the correct user_id in the patch_url
  2. Check the Application you are using to update the user profile has the update:user permission granted for the Auth0 Management API.

To check the granted permissions, navigate to APIs → Auth0 Management API → Machine to Machine Applications and select your Application.

You can also use a tool like https://jwt.io to decode your Management API access token and see if it has the necessary scopes assigned.

To learn more about Scopes, please refer to: Scopes

Hope this helps! If you have further questions, please let us know!

2 Likes
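
The checks suggested in the reply above can also be run locally, so the Management API token never leaves your machine. This is an added example, not code from the thread or from Auth0: it decodes the token's claims and checks that `aud` covers the URL being patched and that the Management API's `update:users` scope is present. The function names, the sample token and the user id are constructed for illustration, and the signature is not verified, so use it for inspection only.

```python
import base64
import json
from urllib.parse import urlsplit


def decode_jwt_payload(token):
    """Return a JWT's claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(body))


def audience_covers(audience, request_url):
    """True if request_url is on the audience's host and under its path."""
    aud, target = urlsplit(audience), urlsplit(request_url)
    return aud.netloc == target.netloc and target.path.startswith(aud.path)


def check_management_token(token, request_url, required_scope="update:users"):
    """Return reasons the API would likely reject this call (empty list = none found)."""
    claims = decode_jwt_payload(token)
    problems = []
    aud = claims.get("aud", [])  # "aud" may be one string or a list of strings
    audiences = [aud] if isinstance(aud, str) else list(aud)
    if not any(audience_covers(a, request_url) for a in audiences):
        problems.append(f"token audience {audiences} does not cover {request_url}")
    # Assumption: granted permissions arrive as a space-separated "scope" claim.
    if required_scope not in claims.get("scope", "").split():
        problems.append(f"scope {required_scope!r} is not in the token")
    return problems


def constructed_token(claims):
    """Build an unsigned sample token for this demo; not a real Auth0 token."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "none"})
    return f"{header}.{enc(claims)}.constructed"


# Constructed sample: audience from snippet 1, scope list deliberately missing update:users.
SAMPLE = constructed_token({"aud": "https://customdomain.eu.auth0.com/api/v2/",
                            "scope": "read:users"})

if __name__ == "__main__":
    for host in ("login.auth0.com", "customdomain.eu.auth0.com"):
        url = f"https://{host}/api/v2/users/auth0|constructed-id"
        print(url, "->", check_management_token(SAMPLE, url) or "no problems found")
```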

Let us know Kyle if you have any further questions!

1 Like