I created a user via email & password authentication with my own database and migrated this user to auth0. In the process of logging in this user for the first time, I also created a roles attribute inside app_metadata by providing the field in the object of the callback for the custom database login script.
The Json looks something like:
{
"app_metadata": {
"roles": ["test-role"]
}
}
When I use the v2 update user API and I try to delete the roles field as specified in the docs, it does not work. The attribute remains and the user is unchanged.
What’s more interesting is that I can create new attributes inside this app_metadata and delete the roles attribute but when I try to delete all attributes, it resets back to having the test-role attribute inside roles inside app_metadata.
A more detailed workflow of what I tried below:
PATCH to the API with body
{
"app_metadata": {
"roles": ["test-role"],
"A": 1
}
}
Updates my user to have expected fields (roles and A are both present with correct values) when I perform a GET on that user.
Then…
PATCH to the API with body
{
"app_metadata": {
"A": 1,
"roles": null
}
}
Updates my user to have only A field and roles is deleted, which I expect because of how merging works.
Then…
PATCH to the API with body
{
"app_metadata": {}
}
Updates my user to revert back to containing only the roles field as “test-role” and no A field. I would expect this to delete app_metadata’s contents entirely but it changes it back to whatever data was in this object when the user was first migrated.
I tried with a user created directly in Auth0 (not migrated) and there are no issues there. I was wondering if this is a bug or some sort of special behaviour Auth0 has.