401 Bad Audience when trying to delete user

When trying to delete a user using

https://{my-domain}.eu.auth0.com/api/v2/users/auth0|{userid}

I get the response

{
“statusCode”: 401,
“error”: “Unauthorized”,
“message”: “Bad audience: {{my-audience}} https://{{my-domain}}.eu.auth0.com/userinfo”
}

Other calls (like https://{{my-domain}}.eu.auth0.com/userinfo) go through just fine with the same JWT token.

Can someone help me to figure out what I’m doing wrong?

Hi @die.mary.fisher,

Welcome to the Auth0 Community!

It looks like the access token you are using is not intended for the Management API.

It seems to be referencing your own audience and the /userinfo endpoint, which do not grant access to the Management API.

I suspect you are using the access token issued during the user’s login flow.

In this case, you will need to get an access token for the Management API and use it with the Delete a user endpoint.

To do so, you could go to your Auth0 Dashboard > Applications > APIs > Auth0 Management API and click on the API Explorer tab. On there, you should see a token which you can use with the Management API.

Alternatively you could also get this through the Client Credentials grant flow See Get Management API Access Tokens for Production for more details.

If you found this post helpful or interesting, please give it a like :+1: . Your interaction makes a difference. Have a wonderful day! :sun_with_face:

Thanks,
Rueben


:video_camera: Prefer how-to videos instead of written docs? We’ve got you covered! Check out our OktaDev YouTube channel for those helpful resources!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.