How to use okta.users.manage.self scope to update users own profile?

I have granted the okta.users.manage.self and scopes in my application and used the org auth server to mint a token. However, I am having issues updating the user’s profile with it.

I can perform a GET request to /api/v1/users/me successfully, but when I do a POST request I am given the following 403 response:

      "errorCode": "E0000006",
      "errorSummary": "You do not have permission to perform the requested action",
      "errorLink": "E0000006",
      "errorId": "oae07FSOK28QKyvZshjDmrSzQ",
      "errorCauses": []

I do not have this issue if I am logged in as a user who also happens to be a super-admin for the Okta org, but when I log in as another user and try to do the same thing I am blocked.

The user’s token looks like this:

      "ver": 1,
      "jti": ...,
      "iss": "https://{my-org}",
      "aud": "https://{my-org}",
      "sub": "{my-username}",
      "iat": ...,
      "exp": ...,
      "cid": ...,
      "uid": ...,
      "scp": [

Am I doing something wrong / missing something, or is this a bug?

I ended up finding the solution myself. One of the fields being updated in the profile was set to ‘read only’, which caused the request to be rejected.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.