Cannot Delete or Get a user "Not Found"

Hi, I am facing a problem with getting and deleting users. I am trying to do so using the API https://DOMAIN.auth0.com/users/userid using my custom API (which is not my Management API).

However, I have been able to use the https://DOMAIN.com/userinfo API to get the current user info, using my Custom API.

And if I change my request to: https://DOMAIN.auth0.com/api/v2/users
I get:
{"statusCode":401,"error":"Unauthorized","message":"Bad audience: https://custom_api_identifier/ https://DOMAIN.auth0.com/userinfo"}

My whole dev stack is an SPA using Angular in the front end, and a .NET Web API as a backend. I can’t use the Auth0 Management API because I need to use permissions and roles and these are not customizable there. So I need the Custom API, but I don’t know how to get all users, get one user by its id, or delete a user using the custom API audience.

Hi @NNKamel,

When you need to make requests to a Management API endpoint (such as https://your-domain/api/v2/users), the API must be authorized to use the Management API. To do this, you’d create a machine-to-machine (M2M) application that represents your API and authorize the M2M app to use the read:users scope of the Management API.

  1. Create M2M app:

  2. Authorize it to use the Management API:

  3. Within your custom API, get an Access Token:

curl --request POST \
  --url https://YOUR-DOMAIN/oauth/token \
  --header 'content-type: application/json' \
  --data '{"client_id":"YOUR_M2M_APP_CLIENT_ID","client_secret":"YOUR_M2M_APP_CLIENT_SECRET","audience":"https://YOUR-DOMAIN/api/v2/","grant_type":"client_credentials"}'

  4. Use the Access Token from step 3 to call the Management API:

curl --request GET \
  --url https://YOUR-DOMAIN/api/v2/users \
  --header 'authorization: Bearer ACCESS_TOKEN'

So I just followed what you said and that worked for getting users, thank you very much. However, when trying to set user roles, I get
{"statusCode":400,"error":"Bad Request","message":"Schema violation"}
which I don’t know why. Do you know the correct way to fix this request in C# code?

        dynamic body = new
        {
            roles = new List<string> { "Admin" }
        };
        var client = new RestClient($"https://DOMAIN.com/api/v2/users/{dictionary["sub"]}/roles");
        var restRequest = new RestRequest(Method.POST);
        restRequest.AddHeader("Authorization", mtok);
        restRequest.AddHeader("content-type", "application/json");
        restRequest.AddParameter("application/json", JsonConvert.SerializeObject(body), ParameterType.RequestBody);
        IRestResponse response = await client.ExecuteAsync(restRequest);

So mtok is my machine token that you just instructed me how to get in step 3. My userid is dictionary["sub"], and I have an Admin role.

Great to hear that is working for you!

It looks like you are using the string "Admin" inside the roles list. Instead of using the role name, you’ll want to use the role ID (the role ID looks like rol_abc123). You can find the role ID by using the GET /api/v2/roles endpoint, or you can just go to User Management > Roles in your dashboard. Click on a role and copy the role ID from the URL:

https://manage.auth0.com/dashboard/us/YOUR-TENANT/roles/YOUR-ROLE-ID/settings
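
The flow from the replies above, put together for a .NET backend: get the M2M token, resolve the role name to its ID, then assign it. This is an added example, not code posted by either participant or published by Auth0. Assumptions: it uses HttpClient and System.Text.Json instead of RestSharp, the class and method names are hypothetical, YOUR-DOMAIN is a placeholder, the M2M app has also been authorized for the Management API scopes the roles endpoints require, and the client secret is loaded from server-side configuration only.

```csharp
using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;
public static class Auth0Roles // hypothetical helper; runs only on the backend, never in the SPA
{
    const string Domain = "YOUR-DOMAIN"; // placeholder tenant domain
    static readonly HttpClient Http = new HttpClient { BaseAddress = new Uri($"https://{Domain}/") };
    static StringContent Json(object o) => new StringContent(JsonSerializer.Serialize(o), Encoding.UTF8, "application/json");
    // Sends one request, fails on any non-2xx status, and parses the body if there is one.
    static async Task<JsonDocument> SendAsync(HttpMethod method, string path, string token, HttpContent body = null)
    {
        using var req = new HttpRequestMessage(method, path) { Content = body };
        if (token != null) req.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        using var resp = await Http.SendAsync(req);
        resp.EnsureSuccessStatusCode();
        var text = await resp.Content.ReadAsStringAsync();
        return text.Length == 0 ? null : JsonDocument.Parse(text);
    }

    // Step 3: client-credentials grant for the Management API audience.
    public static async Task<string> GetManagementTokenAsync(string clientId, string clientSecret)
    {
        using var doc = await SendAsync(HttpMethod.Post, "oauth/token", null, Json(new { grant_type = "client_credentials",
            client_id = clientId, client_secret = clientSecret, audience = $"https://{Domain}/api/v2/" }));
        return doc.RootElement.GetProperty("access_token").GetString();
    }

    // Resolve a role name such as "Admin" to its ID; GET /api/v2/roles returns [{ "id", "name", ... }].
    public static async Task<string> GetRoleIdAsync(string token, string roleName)
    {
        using var doc = await SendAsync(HttpMethod.Get, "api/v2/roles", token);
        return doc.RootElement.EnumerateArray()
            .Where(r => r.GetProperty("name").GetString() == roleName)
            .Select(r => r.GetProperty("id").GetString())
            .FirstOrDefault() ?? throw new InvalidOperationException($"No role named {roleName}");
    }

    // The body carries role IDs, not names; the user ID (e.g. "auth0|abc") is escaped for the URL path.
    public static async Task AssignRolesAsync(string token, string userId, params string[] roleIds)
    {
        if (roleIds.Any(id => !id.StartsWith("rol_")))
            throw new ArgumentException("Expected role IDs such as rol_abc123, not role names");
        using var doc = await SendAsync(HttpMethod.Post,
            $"api/v2/users/{Uri.EscapeDataString(userId)}/roles", token, Json(new { roles = roleIds }));
    }
}
```
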

Thank you very much. Worked as expected