Auth0 Management API

Daily Standup

Today I finally dug into the Auth0 management API. There’s a lot you can do with Auth0 without having to do this, and up until now I gladly used their ‘getting started’ tools to do everything I wanted/needed to do. BUT, in order to do some simple things like change a username, you have to use their management API.

Set Up

I went for the simplest set up. This means I’m making an HTTP request every time I request an authorization token, and for every interaction with the API. There’s a way to streamline this using the node-auth0 npm packagethis article shows an example of implementing it.

But for the time being given I only want to make two changes, I went for the simple setup. I added a new set of helper functions to the ap, each of which uses a getToken() function to do what it says on the tin. Then I use the token for each of the API endpoints.

In the end I got it to work! There were some bumps along the way:

  • Forgetting to include “Bearer” with the token (authorization: \Bearer ${token}``)
  • Seeing the result, which is long, and caused a Converting circular structure to JSON error when trying to view the result in the browser via res.send(result). However I could console.log the result, and in doing so found that the information I actually needed was in That successfully rendered in the browser.
  • Seeing errors if there were any—initially I could only see something generic like 400 Bad Request…not helpful at all since Auth0 gives a 400 error for over a dozen things that can go wrong. Eventually I found that a useful error message can be found within

Other Stuff

Auth0 has a weird thing about how they set up usernames. When you create one, it only allows the alphanumeric characters and -, _, +, and .. But when I tried some usernames using the API it seems the list of allowable characters is longer, based on the error:

{ statusCode: 400,
error: 'Bad Request',
'Username can only contain alphanumeric characters and the following characters: \'_\', \'+\', \'-\', \'.\', \'!\', \'#\', \'$\', \'\'\', \'^\', \'`\', \'~\' and \'@\'.',
errorCode: 'auth0_idp_error' }

Or more legible: underscore _, plus sign +, hyphen -, dot ., exclamation point !, octothorpe #, dollar sign $, backslash \, caret ^, backtick `, tilde ~, and at sign @.

Up Next

Next step is to (hopefully) use what I learned to set up a secret registration page. I found a couple of resources that I’m hoping will help: best walk-through, another article