I can create/update users from my SPA but not delete a user.
My token seems to be OK:
“iss”: “”,
“sub”: “auth0|5b4f010f8…”,
“aud”: [”,
“iat”: 1540543546,
“exp”: 1540550746,
“azp”: “VhguT…”,
“scope”: “openid email profile update:current_user_metadata read:users create:users update:users delete:users read:roles read:user_idp_tokens update:users_app_metadata create:user_tickets”
I can do POST and PATCH with this token, but DELETE returns 403 (trying to delete a user other than the token’s one).
Any idea?


(DELETE|XXXXXXXXXXX using same Authorization: Bearer header, working fine on POST and PUT)


Correction: I can only update the connected user itself; I got the same error when I try to update another user.
So, I may have misunderstood something…
I add scopes to my token using a rule; is that the problem?