Allow currently logged in user of Web App to delete their account

Hi @jinteki,

Welcome to the Community!

It is possible to get an Access Token for the Management API so that the current user can update their profile; however, they will not be able to delete their account. The DELETE /api/v2/users/{id} endpoint requires the delete:users permission, which is not in the list of available scopes and endpoints for SPAs.

You can read more about getting an Access Token for your SPA here: Get Management API Access Tokens for Single-Page Applications

Here are a couple of options you might consider:

  1. Allow users to deactivate their account by storing a flag in the user’s app_metadata that indicates whether the account is active or not. You could use the PATCH /api/v2/users/{id} endpoint for this and request the update:current_user_metadata as a scope for the Auth0Provider in the app.
  2. Create a Machine-to-Machine application for your own custom API and authorize it to use the delete:users scope. Instead of the client making the request to the Management API, it would be the backend. For example, if you are using the Node Management API client:

     ```js
     management.users.delete({ id: USER_ID }, function (err) {
       if (err) {
         // Handle error.
         return;
       }

       // User deleted.
     });
     ```
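A sketch of the backend side of option 2, added here as an example and not part of the original post or Auth0's code: the id passed to `management.users.delete` is taken from the verified token's `sub` claim, so a logged-in user can only delete their own account. The function name `deleteOwnAccount`, the `delete:own_account` scope and the stub client are hypothetical, and the code assumes middleware has already verified the Access Token.

```javascript
// Added example, not Auth0's code. deleteOwnAccount and the
// 'delete:own_account' scope are hypothetical names for your own API.
// Assumes middleware already verified the Access Token (signature, issuer,
// audience, expiry) and passes its claims in.
function deleteOwnAccount(claims, body, management, done) {
  // The user id comes only from the verified `sub` claim.
  const userId = claims && claims.sub;
  if (typeof userId !== 'string' || userId === '') {
    return done({ status: 401, error: 'no subject in token' });
  }
  // Require a scope your API defines for this action (hypothetical name).
  const scopes = String(claims.scope || '').split(' ');
  if (!scopes.includes('delete:own_account')) {
    return done({ status: 403, error: 'insufficient scope' });
  }
  // A body that names a different account is refused, not silently ignored,
  // so requests for other users' ids show up as 403s in the API logs.
  if (body && body.id !== undefined && body.id !== userId) {
    return done({ status: 403, error: 'cannot delete another user' });
  }
  // Same call as in the post, made by the backend with its M2M credentials.
  management.users.delete({ id: userId }, function (err) {
    if (err) {
      return done({ status: 502, error: 'Management API call failed' });
    }
    done({ status: 204, deleted: userId });
  });
}

// Constructed stand-in for the Management API client so this runs offline.
function makeStubManagement(deletedIds) {
  return {
    users: {
      delete(params, cb) { deletedIds.push(params.id); cb(null); },
    },
  };
}

// Constructed sample requests.
const deleted = [];
const stub = makeStubManagement(deleted);
const claims = { sub: 'auth0|constructed-user-1', scope: 'openid delete:own_account' };
deleteOwnAccount(claims, {}, stub, (r) => console.log('own account:', r.status));
deleteOwnAccount(claims, { id: 'auth0|constructed-user-2' }, stub,
  (r) => console.log('other account:', r.status));
```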