
Unable to reset password via Management API


#1

I’ve been following https://auth0.com/docs/connections/database/password-change#using-the-management-api but keep getting a 400 error:

"{\"statusCode\":400,\"error\":\"Bad Request\",\"message\":\"The connection does not exist.\",\"errorCode\":\"inexistent_connection\"}"

My request is as follows:

"{\"password\":\"a1! xxxxxxx\",\"connection\":\"Username-Password-Authentication-Custom\"}"

and the connection ‘Username-Password-Authentication-Custom’ exists and is enabled for this application.
The client ID and client secret for this application are used to fetch the bearer token before this call, and that returns a valid token.

This is the calling code for password reset. _domain matches the Domain value for the application.

// Requires: using System.Net.Http; using System.Net.Http.Headers; using Newtonsoft.Json;
HttpClient client = new HttpClient();
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// Management API token obtained with the application's client ID and secret
client.DefaultRequestHeaders.Add("Authorization", "Bearer " + await GetAuth0ManagementToken());

// data holds the password and connection shown in the request body above
string json = JsonConvert.SerializeObject(data);
string url = $"https://{_domain}/api/v2/users/auth0|{userId}";

// PATCH /api/v2/users/{id}
var resp = await client.SendAsync(new HttpRequestMessage(new HttpMethod("PATCH"), url)
{
    Content = new StringContent(json, System.Text.Encoding.UTF8, "application/json")
});

#2

Further to this…

If I leave out the connection, it works, but updates the wrong connection
(which is not what the docs say: “If you are updating email_verified, phone_verified, username or password you need to specify the connection property too.” - https://auth0.com/docs/api/management/v2#!/Users/get_users).

If I specify the wrong connection by name it works.

Given the above, I assume my scopes are correct for updating a password.

I’ve verified the client is enabled in the connection I want to use as get Connections (using Postman with the same mgmt token) includes:

"name": "Username-Password-Authentication-Custom",
"enabled_clients": [ "ZSu2I00dbI0...",  ] // the client in my management token request

I also tried the password update using the Postman client, and got the same result.

I’m running out of ideas here, so some suggestions would be appreciated.


#3

Ok - so overall I’ve come to establish that the way our account has been set up is unwise (fwiw - it was set up before I was with the org). We’ve essentially got two connections both returning user_ids of type auth0|xxx, which makes no sense if the word connection is replaced with identity provider. I’m fixing this by creating a new tenant and migrating users (harder than it sounds, especially for fields like given_name).

But as a note to Auth0 - I appreciate this is poorly set up, but there’s not much in the API itself that enforces this or even points a dev towards that. For instance, if a connection really is synonymous with an IdP then could creating a user with the same user_id (even from a different connection) fail? I don’t know if there are scenarios where that would be legit - if so even some kind of warning in the logs?


#4

Aarg… but the nightmare continues.

I can’t import the users into the new tenant because their emails exist.
But I can’t change their emails because calls to UpdateAsync with Connection = “Username-Password-Authentication-Custom” return “The connection does not exist”.

Auth0 - your docs say “If you are updating email or phone_number you need to specify the connection and the client_id properties.” With that information why can’t they find the right user?
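
Added example, not part of the thread and not Auth0's own code: a pre-flight check in C# that reads the `identities` array of a user profile (as returned by `GET /api/v2/users/{id}`) and builds the password PATCH body only when the requested connection is one the user actually has an identity in. The class and method names are hypothetical, the sample profile is constructed, and exact-match comparison of connection names is an assumption.

```csharp
using System;
using System.Linq;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static class PasswordPatchPreflight // hypothetical helper, not an Auth0 API
{
    // Connection names of the user's database identities (provider "auth0"),
    // taken from the "identities" array of the user profile JSON.
    public static string[] DatabaseConnections(string userJson)
    {
        var identities = JObject.Parse(userJson)["identities"] as JArray ?? new JArray();
        return identities
            .Where(i => (string)i["provider"] == "auth0")
            .Select(i => (string)i["connection"])
            .Where(c => !string.IsNullOrEmpty(c))
            .Distinct()
            .ToArray();
    }

    // Builds the PATCH body only when the requested connection is one the user
    // has an identity in; otherwise fails locally and reports what was found.
    public static string BuildPasswordPatch(string userJson, string connection, string newPassword)
    {
        var found = DatabaseConnections(userJson);
        if (!found.Contains(connection, StringComparer.Ordinal)) // exact match (assumption)
            throw new InvalidOperationException(
                $"User has no identity in '{connection}'. Found: {string.Join(", ", found)}");
        return JsonConvert.SerializeObject(new { password = newPassword, connection });
    }

    public static void Main()
    {
        // Constructed sample of a user profile response (not real data).
        const string sampleUser = @"{
          ""user_id"": ""auth0|EXAMPLE-ID"",
          ""identities"": [
            { ""provider"": ""auth0"", ""connection"": ""Username-Password-Authentication"",
              ""user_id"": ""EXAMPLE-ID"", ""isSocial"": false }
          ]
        }";
        Console.WriteLine(string.Join(", ", DatabaseConnections(sampleUser)));
        try { BuildPasswordPatch(sampleUser, "Username-Password-Authentication-Custom", "<new password>"); }
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

Running the check against the real profile before the PATCH shows which connection name the user's identity reports, so a mismatch is caught locally instead of changing a password in a connection that was not intended.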