auth0.js: Cannot update user with patchUserMetadata()

When trying to update a users meta data from my Angular 2 application using the auth0-client the preflight request is rejected with the following message:

XMLHttpRequest cannot load https://XXXXX.eu.auth0.com/api/v2/users/auth0%XXXXXX. Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://localhost:4200’ is therefore not allowed access.

// simplified for brevity

@Injectable()
export class AuthService {

  webAuth = new Auth0.WebAuth(authConfig);
  management: any;

  auth0UserProfile: Auth0UserProfile;

  constructor() {

    if (!window.location.hash) { return; }

    this.webAuth.parseHash(window.location.hash, (err, authResult) => {
      if (err) { return console.error('Failed to login:', err); }

      window.localStorage.setItem('id_token', authResult.idToken);

      // relevant part
      this.management = new Auth0.Management({
        domain: authConfig.domain,
        token: authResult.idToken
      });

      this.webAuth.client.userInfo(authResult.accessToken,  (err, profile) => {

        window.localStorage.setItem('profile', JSON.stringify(profile));
        this.auth0UserProfile = profile;

      });

    });

  }

  public login() {
    this.webAuth.authorize({
      responseType: 'token',
      redirectUri: window.location.origin
    });
  }

  // Other relevant part. This is the part that fails.
  private updateUser(data) {
    this.management.patchUserMetadata(this.auth0UserProfile.user_id, data, (err, profile) => {
      if (err) return console.error('Failed to update user', err);

      this.auth0UserProfile = profile;
      localStorage.setItem('profile', JSON.stringify(profile));
    });

  }

}

Headers for the failing request image

Calls to WebAuth.authorize() webAuth.changePassword() do work fine however.

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 1
  • Comments: 15 (5 by maintainers)

Most upvoted comments

@RobinJayaswal I’ve asked to patch the backend for this header, you can make the request yourself using client side since it’s just a simple PATCH. Once I know it’s patched I’ll notify.

We have submitted the issue to the api backend team and the fix should be merged by EOW. Will post here once the fix is deployed

Any update on this? This prevents me from being able to let the user update their user metadata on the client, and am wondering if I will need to work around this by using the backend SDK for this task, or if this is going to be fixed sometime soon.