Delete User doesn't delete user in Auth0

Help
1

Hi,

We have noticed that when we delete a user from wordpress this does not delete the user in Auth0. This presents a rather large problem for us with regards to GDPR compliance. When a user requests their data to be deleted it needs to be deleted everywhere it is stored.

I see there is a “delete Auth0 data” button in the user profile but that only deletes the WP Auth0 data, which renders the user record an orphan :frowning: .

I can’t see a way to hook into a “delete user” action in the plugin, it’s possible that I’ve missed it. A nudge in the right direction of how best to solve this would be greatly appreciated here.

3

Hey Sara!

Unfortunately not a PHP guy myself but let me ping me colleague to find more about it!

1 Like
4

Thank you :slight_smile: Let me know how you get on!

5

Sure! I will let you know once I get the response about it.

1 Like
6

Any luck with this issue?

7

Not yet. I asked my colleague but didn’t get a response yet. I’ll let you know once I get something!

8
  • You have noticed that when you delete a user from wordpress this does not delete the user in Auth0.
    • That’s expected. Not everyone would want that. More common is WordPress being a part of a larger network of applications and not wanting to kill off the Auth0 user.
  • You also saw there is a “delete Auth0 data” button in the user profile but that only deletes the WP Auth0 data.
    • Expected as well. Helpful if you sign in under the wrong account during testing. I’ll make a note to improve documentation there.
  • Is there a way to get rid of it completely? Behind the scenes reasoning is mainly GDPR
    • Delete it in Auth0 as well, you can use the delete_user hook in WP (delete_user | Hook | WordPress Developer Resources) and if you add the delete:user scope for the WP app in Auth0, youcan use the Management API token that’s retrieved by the plugin for your purposes.
1 Like