Hello! I created an API and added 2 permissions; this is the configuration:
and I enabled it for my Machine to Machine application:
So, each time I try to update some data I get this:
1. error: "Unauthorized"
2. message: "Bad audience: https://dev-app/api/v1"
3. statusCode: 401
Why?? What's wrong?
This is the endpoint that I'm using:
scope: update:current_user_metadata
endpoint: [PATCH /api/v2/users/{id}]
I was checking the token that I'm sending to the endpoint; I checked it with jwt.io and the PAYLOAD:DATA is right.
So I also checked the grant_types of my Machine to Machine application:
They are right too.
tyf
January 24, 2024, 4:15pm
Hey there @Gerarca !
Judging by the error, the audience param you are using to authorize (and subsequently the audience claim in your access token) is different than the audience of the endpoint you are attempting to use the access token against.
If you are indeed attempting to PATCH users at /api/v2/users then you will need to be sure you are passing a Management API access token in the request. This access token will need to have an audience of https://{yourDomain}/api/v2/
Question: What is the Audience?
Answer:
The audience parameter exists as part of the OAuth2.0 protocol. You can read more information from the specification here.
What is it?
The audience (presented as the aud claim in the access token) defines the intended consumer of the token.
This is typically the resource server (API, in the dashboard) that a client (Application) would like to access.
It can be added to the request to authorize i.e. audience: 'https://test-api'
Here is an example where …
Hello @tyf
I’m working with a SPA, so checking Get Management API Access Tokens for Single-Page Applications I see:
Password changes through the PATCH /api/v2/users/{id} endpoint are not possible with a Management API Token issued for a SPA.
That is so sad.
What is the best way to change the password??
tyf
January 24, 2024, 11:08pm
That is correct, Management API Tokens obtained directly through a SPA are limited in scope by design.
The most common way of going about this is using a backend to serve as proxy for the SPA making calls against the management API:
Question: How can I enable users to change their email address from a SPA or native app?
Answer:
Public clients (like SPAs and native applications) are restricted from requesting tokens for the management API with the proper scopes for updating a user’s email. These types of applications are limited to a few specific scopes. Because of these limitations, email change requests from public clients must flow through a backend or proxy API. This could be a serverless function with the sole purpose…
If you’re interested, here is an example of what this might look like in a Node backend - This extends our standard auth0-react sample app.
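To make the backend-proxy pattern from the reply above concrete, here is an added example (not code from the thread or from Auth0's sample app) of the two things the proxy must get right: requesting the Management API token with the `https://{yourDomain}/api/v2/` audience instead of the custom API's audience that produced the "Bad audience" error, and only letting a caller change their own password. The domain, client credentials, user ids and `makeUnsignedJwt` helper are placeholders constructed for illustration; the proxy is assumed to have already verified the SPA user's own token and extracted its `sub`.

```javascript
// Added example, not Auth0 sample code. Placeholder domain/credentials/user ids.
const mgmtAudience = (domain) => `https://${domain}/api/v2/`;

// Constructed sample helper: builds an unsigned JWT so the checks below can
// be exercised offline. Real tokens come from /oauth/token and are signed.
function makeUnsignedJwt(payload) {
  const b64 = (o) => Buffer.from(JSON.stringify(o)).toString('base64url');
  return `${b64({ alg: 'none', typ: 'JWT' })}.${b64(payload)}.`;
}

// Decode the payload without verifying it (the same inspection as jwt.io);
// the Management API still validates the signature server-side.
function decodeJwtPayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a JWT');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Same rule that produced the 401 in the thread: the aud claim (string or
// array) must contain the audience of the API being called.
function audienceMatches(token, expectedAudience) {
  const aud = decodeJwtPayload(token).aud;
  return (Array.isArray(aud) ? aud : [aud]).includes(expectedAudience);
}

// Client-credentials request the confidential backend (never the SPA) sends
// to obtain a Management API token with the right audience.
function buildTokenRequest(domain, clientId, clientSecret) {
  return {
    url: `https://${domain}/oauth/token`,
    method: 'POST',
    headers: { 'content-type': 'application/json' },
    body: JSON.stringify({ grant_type: 'client_credentials', client_id: clientId,
      client_secret: clientSecret, audience: mgmtAudience(domain) }),
  };
}

// callerSub: `sub` of the SPA user's verified token; userId: PATCH path param.
// The proxy holds a broad token, so it must enforce "own user only" itself.
function buildPasswordPatch(domain, mgmtToken, callerSub, userId, newPassword) {
  if (callerSub !== userId) throw new Error('forbidden: can only update own user');
  if (!audienceMatches(mgmtToken, mgmtAudience(domain))) {
    throw new Error(`Bad audience: expected ${mgmtAudience(domain)}`);
  }
  return {
    url: `https://${domain}/api/v2/users/${encodeURIComponent(userId)}`,
    method: 'PATCH',
    headers: { authorization: `Bearer ${mgmtToken}`, 'content-type': 'application/json' },
    body: JSON.stringify({ password: newPassword }),
  };
}
```

The returned request objects map directly onto `fetch(url, { method, headers, body })` in a Node 18+ backend; the token request result's `access_token` is what gets passed as `mgmtToken`.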
tyf
January 26, 2024, 4:29pm
No problem, happy to help! Glad you were able to get it working.