Hi, I'm trying to make a request using the API to update the profile information of a user.
I tried using access tokens but it is returning the 403 Forbidden error.
I followed the process here to generate access tokens and use them, but it's not helping - edx-platform/0003-use-jwt-as-oauth-tokens-remove-openid-connect.rst at master · openedx/edx-platform · GitHub .
The problem statement here is, I should be able to update full name, country, and other such account details for any user using the API.
Any help or guidance will be helpful.
Thank you
feanil
(Feanil Patel)
May 13, 2022, 12:14pm
How did you get the access token @ShreehariVaasishta ? What endpoint or series of steps did you follow?
Hi @feanil, I should have included detailed info with respect to it, sorry for that.
I created an application here http://local.overhang.io/admin/oauth2_provider/application/ through the Django admin panel. client_id and client secret were prefilled so I did not make any changes. I have set the user with superuser access. The below screenshot shows the info in that particular instance.
After that I made a request to http://local.overhang.io/oauth2/access_token/ to get the access token.
curl -X POST -d "client_id=MLoAsrMoXYCfGe3lmerbKOJkZi89eHWbrgPk6JWr&client_secret=KkbfT1rXZbEaSEiq8MfyyXUzQjYijyZeDzkhmy3WQCxzgQau71rHGdKA7iMAnNlYREwl50hj7jdqdZnBQpG9b4sdIpo92klOPkdHbdBCuNe9mDKVAHTeF7ioJzUJGci1&grant_type=client_credentials" http://local.overhang.io/oauth2/access_token/
I then used the same access token in the below request to change the full name of a user.
curl 'http://local.overhang.io/api/user/v1/accounts/stefan@example.com' \
-X PATCH -H 'Authorization: Bearer pFHqjG66aqyYlkOObSd4uaKXxDLzlb' \
-H 'content-type: application/merge-patch+json' \
--data-raw '{"name":"RandomFulll Name34"}'
This is the particular error traceback.
lms_1 | 2022-05-14 07:43:51,946 WARNING 7 [openedx.core.djangoapps.user_api.helpers] [user 57] [ip 172.20.0.1] helpers.py:68 - A handled error occurred when calling 'update_account_settings' with arguments '(<User: api-user>, {'name': 'Hayssssssyyy'})' and keyword arguments '{'username': 'lipefa3301@angeleslid.com'}': UserNotAuthorized()
From my limited knowledge of the edx codebase, I think the exception is raised in this line -
    same time, some parts of the update may have been successful, even if an errors.AccountUpdateError is
    returned; in particular, the user account (not including e-mail address) may have successfully been updated,
    but then the e-mail change request, which is processed last, may throw an error.
    errors.UserAPIInternalError: the operation failed due to an unexpected error.
    """
    # Get user
    if username is None:
        username = requesting_user.username
    if requesting_user.username != username:
        raise errors.UserNotAuthorized()
    user, user_profile = _get_user_and_profile(username)
    # Validate fields to update
    field_errors = {}
    _validate_read_only_fields(user, update, field_errors)
    user_serializer = AccountUserSerializer(user, data=update)
    legacy_profile_serializer = AccountLegacyProfileSerializer(user_profile, data=update)
    for serializer in user_serializer, legacy_profile_serializer:
        add_serializer_errors(serializer, update, field_errors)
Is there any way to overcome this exception?
feanil
(Feanil Patel)
May 16, 2022, 3:56pm
So looking at that piece of code, the API only allows you to change your own usernames and not the user names of other users. I think because you’re trying to change the username of a different user, it’s not allowed.
ShreehariVaasishta:
The problem statement here is, I should be able to update full name, country, and other such account details for any user using the API.
To come back to your problem statement, I don’t think this API endpoint is built for that. I believe others have built extensions and plugins that can do what you want but it may not be there in the core platform.
I think eox-core can provide you a lot of user management capabilities so you may want to have a look at that.
Thanks a lot for clarifying it and sharing the resource @feanil .
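An added example (not part of the thread and not edx-platform code) that models the ownership check in the quoted excerpt: the requesting user is compared with the target username only, so a superuser flag on the token's user does not change the result. The `User`, `ACCOUNTS` and `patch_account` names and the sample accounts are constructed for illustration, and the mapping of the handled error to a 403 follows what the thread reports.

```python
# Added illustration: a stand-alone model of the ownership check in the excerpt.
# Class and function names below are hypothetical, not edx-platform code.
from dataclasses import dataclass


class UserNotAuthorized(Exception):
    """Stand-in for errors.UserNotAuthorized from the excerpt."""


@dataclass
class User:
    username: str
    is_superuser: bool = False
    name: str = ""


# Constructed sample accounts; "api-user" is the requesting user in the log line.
ACCOUNTS = {
    "api-user": User("api-user", is_superuser=True),
    "stefan": User("stefan", name="Stefan"),
}


def update_account_settings(requesting_user, update, username=None):
    """Same decision as the excerpt: only the account owner may update."""
    if username is None:
        username = requesting_user.username
    if requesting_user.username != username:
        # is_superuser is never consulted on this path.
        raise UserNotAuthorized()
    target = ACCOUNTS[username]
    for field, value in update.items():
        setattr(target, field, value)
    return target


def patch_account(token_owner, username, update):
    """Model of the PATCH handler: the handled error becomes a 403."""
    try:
        update_account_settings(ACCOUNTS[token_owner], update, username=username)
    except UserNotAuthorized:
        return 403
    return 200


if __name__ == "__main__":
    print(patch_account("api-user", "stefan", {"name": "New Name"}))    # 403
    print(patch_account("api-user", "api-user", {"name": "API User"}))  # 200
```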