Auth0 Home Blog Docs

Update User API Field Deletion Not Working With Imported Users

api
#1

I created a user via email & password authentication with my own database and migrated this user to auth0. In the process of logging in this user for the first time, I also created a roles attribute inside app_metadata by providing the field in the object of the callback for the custom database login script.

The Json looks something like:

{
    "app_metadata": {
        "roles": ["test-role"]
    }
}

When I use the v2 update user API and I try to delete the roles field as specified in the docs, it does not work. The attribute remains and the user is unchanged.

What’s more interesting is that I can create new attributes inside this app_metadata and delete the roles attribute but when I try to delete all attributes, it resets back to having the test-role attribute inside roles inside app_metadata.

A more detailed workflow of what I tried below:

PATCH to the API with body

{
	"app_metadata": {
		"roles": ["test-role"],
		"A": 1
	}
}

Updates my user to have expected fields (roles and A are both present with correct values) when I perform a GET on that user.

Then…
PATCH to the API with body

{
	"app_metadata": {
		"A": 1,
		"roles": null
	}
}

Updates my user to have only A field and roles is deleted, which I expect because of how merging works.

Then…
PATCH to the API with body

{
	"app_metadata": {}
}

Updates my user to revert back to containing only the roles field as “test-role” and no A field. I would expect this to delete app_metadata’s contents entirely but it changes it back to whatever data was in this object when the user was first migrated.

I tried with a user created directly in Auth0 (not migrated) and there are no issues there. I was wondering if this is a bug or some sort of special behaviour Auth0 has.