Update current user and search users

I created a Machine to Machine application.

I have a React client

NodeJS backend

What I want to do is give the ability to the current logged in user to update their nickname

I want the current logged in user the ability to search all of the users for a given tenant.

I imagine, I update the user via my server code and not client code using the machine to machine application.

I don’t understand how to specify scope? Can someone point to some code where it shows how to pass scope and the endpoint I can use?

Thank you

Hi @iJKTen,

Welcome to the Community!

It is possible to give a SPA access to certain scopes for the current user for the Management API, as described here: https://auth0.com/docs/tokens/management-api-access-tokens/get-management-api-tokens-for-single-page-applications#available-scopes-and-endpoints

Since you want to allow them to update a root attribute (nickname) instead of metadata plus look up other users, then you are correct that you’ll need to make the request via your server-side code as a machine-to-machine application.

Your M2M app will need to be authorized to use the read:users and update:users scopes:

Once your M2M app is authorized, you can request an Access Token using the client credentials flow,:

  function init () {
    return getToken()
      .then(data => data.access_token)
      .then(token => {
        const managementClient = new ManagementClient({
          domain: `${process.env.CLIENT_DOMAIN}`,
          audience: `https://${process.env.CLIENT_DOMAIN}/api/v2/`

        // set it so we can use it in our other methods
        this.managementClient = managementClient;
        return true;
      .catch(err => err);

  function getToken () {
    const clientId = process.env.CLIENT_ID;
    const clientSecret = process.env.CLIENT_SECRET;
    const url = `https://${process.env.CLIENT_DOMAIN}/oauth/token`;

    return axios
      .post(url, {
        client_id: clientId,
        client_secret: clientSecret,
        grant_type: "client_credentials",
        audience: `https://${process.env.CLIENT_DOMAIN}/api/v2/`
      .then(res => res.data)
      .catch(err => err);

Once you have the Access Token, you can either use the Management API endpoints directly, or you can use the Management API Client node-auth0:

// https://auth0.github.io/node-auth0/module-management.ManagementClient.html#getUsers
// Note: results are paginated
function getUsers (params) {
  return this.managementClient
    .then(users => users)
    .catch(err => err);

// https://auth0.github.io/node-auth0/module-management.ManagementClient.html#updateUser
function updateUser (userId, data) {
  const params = {id: userId}
  return this.managementClient
    .updateUser(params, data, function (err, user) {
    .then(user => user)
    .catch(err => err);

This article provides an example of creating a module for the Management API client in a Node app (it’s specific to managing clients, but the code example can be adjusted for managing users): Overview of Auth0's Management API v2 to update client settings

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.