TFD
ThoughtSpot For Developers3mo ago
strativd

strativd -

Solution:
Hello @strativd When using the api/rest/2.0/auth/token/custom endpoint, user properties such as display name, email, org, and group assignments are not updated with new values — even if the user already exists in the system. This differs from the api/rest/2.0/auth/token/full endpoint, where — when auto_create is set to TRUE — all user properties are replaced with the values provided in the request. The full token endpoint always overwrites existing user properties. ...
REST API v2.0 Playground
ThoughtSpot REST API v2.0 Playground
No description
Jump to solution
4 Replies
shikharTS
shikharTS3mo ago
Hey the user groups should be updated via the same endpoint, given the user is already existing in the system.. Also I see you are using auto_create as set to true, we have this mentioned in the docs 
Set auto_create to true if the user is not available in ThoughtSpot. If the user already exists in ThoughtSpot and the auto_create parameter is set to true in the API request, the user properties such as the display name, email, Org and group assignment will not be updated with new values.
Set auto_create to true if the user is not available in ThoughtSpot. If the user already exists in ThoughtSpot and the auto_create parameter is set to true in the API request, the user properties such as the display name, email, Org and group assignment will not be updated with new values.
strativd
strativdOP3mo ago
the user groups should be updated via the same endpoint
I have tried everything and I cannot get the groups to change for an existing user via the ABAC token endpoint.
Solution
sandeep
sandeep3mo ago
Hello @strativd When using the api/rest/2.0/auth/token/custom endpoint, user properties such as display name, email, org, and group assignments are not updated with new values — even if the user already exists in the system. This differs from the api/rest/2.0/auth/token/full endpoint, where — when auto_create is set to TRUE — all user properties are replaced with the values provided in the request. The full token endpoint always overwrites existing user properties. In contrast, the current behavior of the custom token endpoint is to append certain values (like filter_rules or parameter_values) rather than updating all attributes. Other properties such as display name or groups are not updated through this endpoint as of now. Going forward, the custom token endpoint will support options to append, replace, or reset user properties, controlled via the persist_option attribute. However, that capability is still under development. Apologies for the confusion — the reset_option shown earlier in the documentation was a preview of upcoming functionality and should not have been visible until the related changes are ready for production. For current capabilities, please refer to the official documentation here: https://developers.thoughtspot.com/docs/restV2-playground?apiResourceId=http%2Fapi-endpoints%2Fauthentication%2Fget-custom-access-token
REST API v2.0 Playground
ThoughtSpot REST API v2.0 Playground
No description
strativd
strativdOP3mo ago
Okay, thanks for clarifying @Sandeep ! Do you have an idea of when reset_option will be supported? For context, we need to add customers to ThoughtSpot groups to enforce permissions in our application. If we cannot reset groups when requesting a token, then we have to search for the user first, remove them from all permission groups, add them to necessary groups (again), and request another token. Unfortunately, we cannot use the full token endpoint (/api/rest/2.0/auth/token/full) because it does not support filters and parameters 🤔

Did you find this page helpful?