Hello! I created one API and I added 2 Permission, this is the configure:
and I enable to my aplication type machine to machine:
so, each time that I try to update some date I got this:
1. error: "Unauthorized"
2. message: "Bad audience: https://dev-app/api/v1"
3. statusCode: 401
why?? what’s wrong
this’s the endpoint that I’m using:
scope: update:current_user_metadata
I was checking the token that I’m sending through endpoint, I checked it with jwt.io and the PAYLOAD:DATA is right
so I check too the grant_types of my application type machine to Machine:
is right too
tyf
January 24, 2024, 4:15pm
3
Hey there @Gerarca !
Judging by the error, the audience param you are using to authorize (and subsequently the audience claim in your access token) is different than the audience of the endpoint you are attempting to use the access token against.
If you are indeed attempting to PATCH users at /api/v2/users then you will need to be sure you are passing a Management API access token in the request. This access token will need to have an audience of https://{yourDomain}/api/v2/
here .
Hello @tyf
I’m working with a SPA, so checking Get Management API Access Tokens for Single-Page Applications I see:
Password changes through the PATCH /api/v2/users/{id} endpoint are not possible with a Management API Token issued for a SPA.
that is so sad
what is the better way to change the password??
1 Like
tyf
January 24, 2024, 11:08pm
5
That is correct, Management API Tokens obtained directly through a SPA are limited in scope by design.
The most common way of going about this is using a backend to serve as proxy for the SPA making calls against the management API:
These types of applications are limited to a few specific scopes . Because of these limitations, email change requests from public clients must flow through a backend or proxy API. This could be a serverless function with the sole purpose…
If you’re interested, here is an example of what this might look like in a Node backend - This extends our standard auth0-react sample app .
1 Like
tyf
January 26, 2024, 4:29pm
7
No problem, happy to help! Glad you were able to get it working
system
February 9, 2024, 4:30pm
8
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
