Permissions
Use the following permissions to get an access token for the machine-to-machine applications. To learn more, read Register Machine-to-Machine Applications.Limitations
By default, user profile attributes provided by other than Auth0 (such as Google, Facebook, or X) are not directly editable because they are updated from the identity provider each time the user logs in. Fore more information on attributes from identity providers, read Configure Identity Provider Connection for User Profile Updates. To be able to edit thename, nickname, given_name, family_name, or picture root attributes on the normalized user profile, you must configure your connection sync with Auth0 so that user attributes will be updated from the identity provider only on user profile creation. These root attributes will then be available to be edited individually or by bulk imports
You can set passwords using the create or update endpoints, but for security purposes, passwords cannot be viewed with the get or list user commands. The right side of the API explorer provides hints on the user profile attributes which can be viewed or modified for any given call.
Endpoints
- Use the
/usersendpoint to retrieve information about all users. You can also include search criteria to find specific users. - Use the
/user_idto retrieve information about one user based on theuser_id. Theuser_idis an internal identifier that consists of a connection name and a unique identifier for the user. Theuser_idis different from the . - The
/userinfoendpoint takes as input the Auth0 access token and returns user profile information. This endpoint will include the results of any rules that may have altered the user profile during the authentication transaction, but the resulting user profile will not be filtered by any Scoping. - The
/tokeninfoendpoint takes as input the Auth0 ID token and returns user profile information. This endpoint will return a result that does not include the results of any rules that alter the user profile.