
Receiving Invalid token when retrieving user metadata

auth0

#1

After creating a new tenant I receive an error when retrieving user_metadata. For an older tenant I have no problems receiving this information.

I receive the following error with the Swift Auth0 library:

Failed with unknown error ["attributes": { error = "Invalid token"; }, "statusCode": 401, "message": Invalid token, "error": Unauthorized]

This error occurs for both password and social login, and no rules are implemented. Unfortunately, I was unable to observe any difference in settings between the tenants. Since it just works for the older tenant, I am wondering what settings might underlie the error above.


#2

Which endpoint are you using to fetch the user_metadata? Which token are you using to authorize the call?

In older tenants it was allowed to send the ID token to the Auth0 management API to fetch user metadata; if you are doing that, it is likely blocked (and should be blocked) in your new tenant. You should use /userinfo; augment your token in a rule (best option, as that will remove the need for another API call altogether); pass the https://YOUR_TENANT.auth0.com/v2/api audience into authorize with the scope read:current_user_metadata and then use the access token to call the management API; or, from your backend, use client credentials to get a read:user scoped access token to call the management API.

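The "augment your token in a rule" option above, as an added example that is not code from the thread or from Auth0: an Auth0 rule (rules are Node.js functions with the signature `(user, context, callback)`) that copies user_metadata into the ID token and the access token under a namespaced claim, followed by a small local harness that runs the rule against a constructed user so the result can be checked without a tenant. The namespace https://example.com/ and the user values are assumptions; the claim name is what the client later reads from the decoded ID token or from the /userinfo response.

```javascript
// Namespace prefix for custom claims. Auth0 drops non-namespaced custom
// claims, so use a URL you control (this one is a placeholder).
const NAMESPACE = 'https://example.com/';
const METADATA_CLAIM = NAMESPACE + 'user_metadata';

// The rule itself: this function is what would be pasted into the Auth0
// rule editor. It runs after authentication, before tokens are issued.
function addUserMetadataToTokens(user, context, callback) {
  // user_metadata is undefined for users that never had it set.
  const metadata = user.user_metadata || {};
  // ID token: read by the front end (or via /userinfo); access token: read
  // by an API the front end calls. Both are plain claim objects here.
  context.idToken[METADATA_CLAIM] = metadata;
  context.accessToken[METADATA_CLAIM] = metadata;
  return callback(null, user, context);
}

// Local harness: simulate Auth0 invoking the rule for one login and return
// the resulting context (constructed input, no tenant involved).
function runRuleLocally(user) {
  const context = { idToken: {}, accessToken: {} };
  let result;
  addUserMetadataToTokens(user, context, (err, _user, ctx) => {
    if (err) throw err;
    result = ctx;
  });
  return result;
}

// Client side afterwards: read the namespaced claim out of the decoded ID
// token payload or the /userinfo JSON. Returns {} when the claim is absent.
function readUserMetadataClaim(claims) {
  const value = claims[METADATA_CLAIM];
  return value && typeof value === 'object' ? value : {};
}

// Demo on constructed users (ids and values are made up).
const withMetadata = runRuleLocally({
  user_id: 'auth0|000000000000000000000001',
  email: 'alice@example.com',
  user_metadata: { name: 'Alice', theme: 'dark' },
});
const withoutMetadata = runRuleLocally({ user_id: 'auth0|000000000000000000000002' });

console.log(readUserMetadataClaim(withMetadata.idToken));    // { name: 'Alice', theme: 'dark' }
console.log(readUserMetadataClaim(withoutMetadata.idToken)); // {}
```

Once the rule is in place the front end no longer needs the Management API for reads: the claim is inside the ID token it already holds, and /userinfo returns the same claim for the matching access token.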

#3

With your suggestions I was able to get it working!

However, updating userinfo still does not work. What I wanted to do is to retrieve and update userinfo in a frontend client using the Authentication API. Previously, I just used the Auth0.swift library for this (requiring an idToken instead of an access token, as you mentioned):

Auth0
    .users(token: idToken)
    .get(userId, fields: ["user_metadata"], include: true)
    .start { result in   // closure body was cut off in the post
        // typical handling of the Auth0.swift Result
        if case .success(let user) = result { print(user) }
        if case .failure(let error) = result { print(error) }
    }

With the older tenant this works, but with the newest it doesn’t. So, I removed the library and with your suggestions I was able to retrieve the userinfo both using the management API (with the explorer) and using the authentication API with a request to https://TENANT.auth0.com/userinfo and a rule to include user_metadata.

Although I was able to update this information with the management API, with the authentication API I receive a status code 404. See the curl command for example:

curl https://TENANT.eu.auth0.com/userinfo \
	-X PATCH \
	-H 'Content-Type: application/json' \
	-H 'Authorization: Bearer ABCD' \
	-d '{ "NAMESPACEuser_metadata" : { "name" : "NEWNAME" } }'

Would you be able to comment on this as well?


#4

Any idea how to update user_metadata by an HTTP request? I would appreciate any hints on what might be wrong with the curl command above.
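Why the PATCH in #3 returns 404 and what to call instead, as an added example that is not code from the thread or from Auth0: the OIDC /userinfo endpoint is read-only (it serves GET, and POST for the same read), so there is nothing on it to PATCH. user_metadata is written through the Management API with PATCH /api/v2/users/{id}. Below is a small Node.js 18+ client (global fetch) that builds the three requests involved: the client-credentials token request a backend uses, the read of user_metadata, and the update. The builders are pure functions so they can be checked offline; send() performs them. TENANT, the client id and secret, the user id and the metadata are placeholders. The Management API's own identifier, used as the audience, is https://TENANT/api/v2/ (trailing slash included); a backend token needs the read:users and update:users scopes, while a front-end token obtained through authorize can use update:current_user_metadata to change only the logged-in user's own metadata.

```javascript
// Placeholders: replace with your tenant domain, a machine-to-machine
// application's credentials (backend only; the secret never goes to a
// client) and a real user id.
const DOMAIN = 'TENANT.eu.auth0.com';
const CLIENT_ID = 'CLIENT_ID_PLACEHOLDER';
const CLIENT_SECRET = 'CLIENT_SECRET_PLACEHOLDER';

// The Management API identifier ("audience"). The trailing slash is part of it.
function managementAudience(domain) {
  return `https://${domain}/api/v2/`;
}

// User ids such as "auth0|5a1b..." contain '|' and must be URL-encoded in the path.
function userUrl(domain, userId) {
  return `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`;
}

// Backend flow: client credentials -> Management API access token.
function buildTokenRequest(domain, clientId, clientSecret) {
  return {
    url: `https://${domain}/oauth/token`,
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({
      grant_type: 'client_credentials',
      client_id: clientId,
      client_secret: clientSecret,
      audience: managementAudience(domain),
    }),
  };
}

// Read only user_metadata. fields/include_fields are the Management API's
// query parameters; the Swift library's fields:/include: map onto them.
function buildReadRequest(domain, userId, accessToken) {
  return {
    url: `${userUrl(domain, userId)}?fields=user_metadata&include_fields=true`,
    method: 'GET',
    headers: { Authorization: `Bearer ${accessToken}` },
    body: undefined,
  };
}

// Update: PATCH the user resource, not /userinfo. The body key is plain
// "user_metadata" (namespaces apply to token claims, not to this API), and
// the Management API merges the given keys with existing ones at the top level.
function buildUpdateRequest(domain, userId, accessToken, userMetadata) {
  return {
    url: userUrl(domain, userId),
    method: 'PATCH',
    headers: {
      Authorization: `Bearer ${accessToken}`,
      'Content-Type': 'application/json',
    },
    body: JSON.stringify({ user_metadata: userMetadata }),
  };
}

// Performs a built request and surfaces non-2xx responses with their body,
// so a 401 "Invalid token" or a 403 missing-scope error is readable.
async function send(req) {
  const res = await fetch(req.url, { method: req.method, headers: req.headers, body: req.body });
  if (!res.ok) {
    throw new Error(`${req.method} ${req.url} -> ${res.status}: ${await res.text()}`);
  }
  return res.json();
}

// End-to-end backend update: token, then PATCH, then read back.
async function updateUserMetadata(userId, userMetadata) {
  const { access_token: token } = await send(buildTokenRequest(DOMAIN, CLIENT_ID, CLIENT_SECRET));
  await send(buildUpdateRequest(DOMAIN, userId, token, userMetadata));
  return send(buildReadRequest(DOMAIN, userId, token));
}

// Network call only when real credentials have been filled in; the builders
// above can be exercised without a tenant.
if (CLIENT_ID !== 'CLIENT_ID_PLACEHOLDER') {
  updateUserMetadata('auth0|USER_ID_PLACEHOLDER', { name: 'NEWNAME' })
    .then((user) => console.log(user.user_metadata))
    .catch((err) => console.error(err.message));
}
```

For a front-end client the same PATCH request applies, with the access token obtained from authorize using the Management API audience instead of a client-credentials token, and the token is then limited to the logged-in user's own record.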