update_user method doesn't remove users attribute on auth0 if we send nil as attribute value.

Question

update_user method doesn't remove users attribute on auth0 if we send nil as attribute value.

Closed this issue 3 years ago · 3 comments

Describe the problem

update_user method doesnt remove users attribute on auth0 if we send nil as attribute value.

What was the expected behavior?

By the documentation there is possibility that in a case when we send null as a key value (attribute value) auth0 will accept that information and remove that attribute.

Tested on https://auth0.com/docs/api/management/v2#!/Users/patch_users_by_id
By providing my user_id and this body:

{
  "given_name": null,
  "family_name": "null",
  "connection": "some-db",
  "client_id": "someid"
}

it successfully removes given_name attribute from user on auth0.

Reproduction

So, I have current method:

Auth0M2MClient.instance.with_client do |client|
  content = {"family_name": nil, "given_name": "somename"}
  client.update_user(user_id, content)
end

its used for update users attributes like email, family_name, given_name inside my local rails app and on auth0 side.

By running current code I am getting update on given_name attribute correctly, but the family_name stays as before, with value which it has from previous update (some string like "fam-name").

Here you can see my ruby console response if I set nil to family_name attribute or some string like in this case "me"

Those are info about my project and gem versions:

gem 'auth0', '~> 4.11'
gem 'omniauth-auth0', '2.4.1'
gem 'omniauth-rails_csrf_protection', '~> 0.1'
App is built with ruby '2.3.4' rails 4.1.8

From my investigation it looks like hash keys with nil as value are stripped before they reach Auth0 API end point.
Couldn't find any similar issue or solution for this problem. Is anyone had similar problem?

Answer 1 · 2021-08-30T22:00:43.000Z

From my investigation it looks like hash keys with nil as value are stripped before they reach Auth0 API end point.
Couldn't find any similar issue or solution for this problem. Is anyone had similar problem?

@nezirz this is correct. If the body param is set to nil, the client assumes it is empty and does not pass it. https://github.com/auth0/ruby-auth0/blob/master/lib/auth0/mixins/httpproxy.rb#L20

Let me investigate this and see what we can come up with

Answer 2 · 2021-08-31T06:07:01.000Z

Hey @davidpatrick thank you for replay.
Yes, I tried with string 'null', "null", 'nil' and so on but nothings happen on auth0 side, it take that as a string and set it as a string in keys value. If send nil, previous value in those keys/attributes stays.

Answer 3 · 2021-09-08T23:28:04.000Z

Hey @nezirz, there is no real clear path forward here without introducing breaking changes, and potentially introducing unintended side effects on other endpoints that would allow you to set null values.

However, you can work around the built in method by directly calling client.request

client.request(:patch, "#{client.base_uri}/api/v2/Users/", {"family_name": nil, "given_name": "somename"})