Impossible to update users from the API

Question

Impossible to update users from the API

CodeDrivenMitch opened this issue a year ago · 1 comments

Checklist

I have looked into the Readme and Examples, and have not found a suitable solution or answer.
I have looked into the API documentation and have not found a suitable solution or answer.
I have searched the issues and have not found a suitable solution or answer.
I have searched the Auth0 Community forums and have not found a suitable solution or answer.
I agree to the terms within the Auth0 Code of Conduct.

Description

I want to update the user's name and some additional information from the backend. For this, I use this SDK.

Unfortunately, the auth0 API no longer accepts attributes that it will not update. Retrieving a user, modifying some fields and then saving it will not work because of this. This is the reported error:

Request failed with status code 400: Payload validation error: 'Additional properties not allowed: locale,logins_count,last_login,last_ip,identities,updated_at,created_at,user_id (consider storing them in app_metadata or user_metadata. See "Users Metadata" in https://auth0.com/docs/api/v2/changes for more details)'.

In addition, the fields mentioned by the error can not be cleared, as there are no setters.

Reproduction

Obtain an API

    private fun getApi(): ManagementAPI {
        val token = AuthAPI.newBuilder(domain, clientId, clientSecret).build()
            .requestToken("https://$domain/api/v2/").execute()
            .body.accessToken

        return ManagementAPI.newBuilder(domain, token).build()
    }

Call the update:

@PostMapping("register")
fun accept(@RequestBody body: RegisterBody, principal: Principal) {
    val subject = principal.sub()
    val api = getApi()
    val currentUser = api.users().get(subject, UserFilter()).execute().body
    currentUser.givenName = body.firstName
    currentUser.familyName = body.lastName
    if(currentUser.userMetadata == null) {
        currentUser.userMetadata = mutableMapOf()
    }
    currentUser.userMetadata["Organization"] = body.company
    currentUser.userMetadata["Terms"] = Instant.now().toEpochMilli()
    currentUser.userMetadata["Registered"] = true
    api.users().update(subject, currentUser).execute()
}

Additional context

It would be possible to work around this by creating a new user, copying ALL attributes manually, and then posting it. This does not seem desireable to me, however.

auth0-java version

2.4.0

Java version

17

Answer 1 · 2023-07-17T14:47:54.000Z

Hey @CodeDrivenMitch, thanks for raising this. As you noticed, because the domain objects like User are not request-specific (i.e., we don't have a CreateUserRequest or UpdateUserRequest), issues like you encountered can happen. In a future version of the library we may do just that, and separate the body objects based on requests. That would be a big change, however, so for now what you can do is create a new User like you mentioned, but you shouldn't need to copy all the attributes. Just set the fields you want updated; any fields that aren't changing can be ommitted. I know it's not ideal but others have found doing that to not be too onerous. Perhaps we can look into a way to create the separation in the short-term without creating all new body types, just not sure how that would work in the short-term.