Paiwand Karem
05/21/2024, 5:24 AMMarek Zelc
05/21/2024, 6:32 AMPaiwand Karem
05/21/2024, 9:42 AM{
"detail": "The requested endpoint does not exist or you do not have permission to access it.",
"status": 404,
"title": "Not Found",
"traceId": "90ad8f1c0bf7b1f9230d233ec2ea8e3d"
}
using this body
{
"data": {
"id": "localis",
"type": "organization",
"attributes": {
"allowedOrigins": [],
"earlyAccess": "",
"hostname": "<http://app.localis.co|app.localis.co>",
"jitEnabled": false,
"name": "Localis",
"oauthClientId": "clientId",
"oauthClientSecret": "ClientSecret",
"oauthIssuerId": "auth0",
"oauthIssuerLocation": "<https://localis.au.auth0.com>",
"oauthSubjectIdClaim": "sub"
}
}
}
Paiwand Karem
05/21/2024, 9:42 AMMarek Zelc
05/21/2024, 9:48 AMPaiwand Karem
05/21/2024, 10:06 AMPaiwand Karem
05/22/2024, 8:40 AMMarek Zelc
05/22/2024, 8:59 AMBoris
05/22/2024, 9:16 AMsub
given_name, family_name
email
urn.gooddata.user_groups
sub - it's always there, it's the unique identifier of the user in your auth0 tennant
given_name, familiy_name - I was surprised because it seems that there's no easy way to add these through UI, but they are standard user parameters, that could easily be added through user API
email - should be there always as it's a needed parameter when creating the user
urn.gooddata.user_groups - this is a custom claim and it was only one that's not straightforward - only way we found is indeed through actions in auth0 and we haven't found a mention of any other way in their documentation/forumsPaiwand Karem
05/22/2024, 9:23 AMBoris
05/22/2024, 9:49 AMPaiwand Karem
05/22/2024, 11:49 AMPaiwand Karem
05/22/2024, 11:49 AM{
"title": "Unauthorized",
"status": 401,
"detail": "401 UNAUTHORIZED \"Authorization failed. Missing mandatory claims: [given_name, family_name]\"",
"traceId": "2faab11cbaef332e2f69d10abece7917"
}
Paiwand Karem
05/22/2024, 11:49 AMPaiwand Karem
05/22/2024, 11:49 AMBoris
05/22/2024, 11:51 AMBoris
05/22/2024, 11:53 AM{
"blocked": false,
"email_verified": false,
"email": "<mailto:user@example.com|user@example.com>",
"phone_number": "string",
"phone_verified": false,
"user_metadata": {},
"app_metadata": {},
"given_name": "string",
"family_name": "string",
"name": "string",
"nickname": "string",
"picture": "string",
"verify_email": false,
"verify_phone_number": false,
"password": "string",
"connection": "string",
"client_id": "string",
"username": "string"
}
since it's patch call and the endpoint is defined by user ID, it should pass with minimal content (but it's possible that some of these are mandatory):
{
"given_name": "AA",
"family_name": "BB"
}
Paiwand Karem
05/22/2024, 11:54 AMPaiwand Karem
05/22/2024, 11:54 AMPaiwand Karem
05/22/2024, 11:56 AMBoris
05/22/2024, 11:59 AMBoris
05/22/2024, 12:03 PMPaiwand Karem
05/22/2024, 12:08 PM{
"id": "2f3faa2a-1427-43d4-839e-1067961ab83f",
"type": "user",
"attributes": {
"authenticationId": "google-oauth2|114876045742542820210",
"firstname": "Paiwand",
"lastname": "Karem",
"email": "paiwand@localis.co"
},
"links": {
"self": "<https://app.localis.co/api/v1/entities/users/2f3faa2a-1427-43d4-839e-1067961ab83f>"
}
},
{
"id": "paiwand",
"type": "user",
"attributes": {
"authenticationId": "auth0|66336fecad53dc15b4cce02a",
"email": "paiwand@localis.co"
},
"links": {
"self": "<https://app.localis.co/api/v1/entities/users/paiwand>"
}
}
You can see there are now two accounts with the same email with the latter being the one provisioned by the support team for my original access.
It's associated the same email to our new auth0 instance and did not translate across anything else (probably due to the current user provisioning setup being incorrect).
I do still have the original accounts API token and am using that to interact with the API.
Is there an endpoint to grant this new user admin access?Boris
05/22/2024, 12:11 PMauth0|66336fecad53dc15b4cce02a
which points to our auth0 needs to be replaced with id from your own auth0 (be sure to use ?include=userGroups
parameter when updating the user, in order to not lock them out of admin group and losing access for your api token)