Hi,
I am a rookie web developer who is developing a SPA using NextJS and React. Authentication is handled by Auth0 via ‘auth0/nextjs-auth0’. This is the only Auth0 package that I have installed.
From within my web app, if the currently logged in user decides to click on ‘Delete Account’, how do I make the call to Auth0 to delete that user?
In the Auth0 Dashboard > APIs, I can see two APIs defined.
It is possible to get an Access Token for the Management API so that the current user can update their profile, however, they will not be able to delete their account. The DELETE /api/v2/users/{id} endpoint requires the delete:users permission which is not in the list of available scopes and endpoints for SPAs.
Allow users to deactivate their account by storing a flag in the user’s app_metadata that indicates whether the account is active or not. You could use the PATCH /api/v2/users/{id} endpoint for this and request the update:current_user_metadata as a scope for the Auth0Provider in the app.
Create a Machine-to-Machine application for your own custom API and authorize it to use the delete:users scope. Instead of the client making the request to the Management API, it would be the backend. For example, if you are using the Node Management API client:
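// `management` is an instance of the Node Management API client.
management.users.delete({ id: USER_ID }, function (err) {
  if (err) {
    // Handle error.
    return; // Do not fall through to the success path.
  }
  // User deleted.
});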
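The backend approach described above, sketched as a Next.js-style API route handler (an added example, not code from the original answer or from Auth0). It always takes the user ID from the server-side session and ignores any ID sent by the browser. The names `makeDeleteAccountHandler`, `getSession`, `deleteUser` and `fakeRes` are assumptions: in a real app `getSession` would come from the nextjs-auth0 package and `deleteUser` would wrap the `management.users.delete({ id })` call shown above.

```javascript
// Added example: server-side "delete my account" handler.
// getSession and deleteUser are injected (hypothetical names) so this runs offline.
function makeDeleteAccountHandler({ getSession, deleteUser }) {
  return async function handler(req, res) {
    if (req.method !== 'DELETE') {
      res.setHeader('Allow', 'DELETE');
      return res.status(405).json({ error: 'method_not_allowed' });
    }
    const session = await getSession(req, res);
    const userId = session && session.user && session.user.sub;
    if (!userId) {
      return res.status(401).json({ error: 'not_authenticated' });
    }
    // The target is always the session's own `sub`. Any id in the query
    // string or body is ignored, so one user cannot delete another.
    try {
      await deleteUser(userId);
    } catch (err) {
      return res.status(502).json({ error: 'delete_failed' });
    }
    return res.status(204).end();
  };
}

// Minimal stand-in for the Next.js response object (constructed for this demo).
function fakeRes() {
  const res = { statusCode: 200, headers: {}, body: undefined };
  res.setHeader = (k, v) => { res.headers[k] = v; return res; };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (obj) => { res.body = obj; return res; };
  res.end = () => res;
  return res;
}

// Constructed requests: a logged-in user whose body names someone else, and an anonymous caller.
async function demo() {
  const deleted = [];
  const handler = makeDeleteAccountHandler({
    getSession: async (req) => req.session || null,
    deleteUser: async (id) => { deleted.push(id); },
  });
  const own = fakeRes();
  await handler({ method: 'DELETE', session: { user: { sub: 'auth0|alice' } }, body: { id: 'auth0|bob' } }, own);
  const anon = fakeRes();
  await handler({ method: 'DELETE', body: { id: 'auth0|bob' } }, anon);
  return { deleted, ownStatus: own.statusCode, anonStatus: anon.statusCode };
}

demo().then((r) => console.log(r));
```

The Machine-to-Machine credentials holding delete:users stay on the server; the browser only calls this route with its session cookie.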