Delete user fail (403 - unowned_resource)

sl1 · October 26, 2018, 2:10pm

Hi,
I can create/update users from my SPA but not delete user.
My token seems to be OK :
{
“iss”: “https://xxx.auth0.com/”,
“sub”: “auth0|5b4f010f8…”,
“aud”: [
“https://xxx.auth0.com/api/v2/”,
“https://xxx.auth0.com/userinfo”
],
“iat”: 1540543546,
“exp”: 1540550746,
“azp”: “VhguT…”,
“scope”: “openid email profile update:current_user_metadata read:users create:users update:users delete:users read:roles read:user_idp_tokens update:users_app_metadata create:user_tickets”
}
I can do POST and PATCH with this token but delete return 403 (try to delete an other user than token’s one)
any Idea ?

thx

(DELETE https://xxx.auth0.com/api/v2/users/auth0|XXXXXXXXXXX using same Authorization:

Bearer header, working fine on POST and PUT)

sl1 · October 29, 2018, 3:16pm

Rectification : I can only update connected user itself, got same error when I try to update an other user
So, I may have misunderstood something…
I add scopes to my token using a rule, is it the matter ?

thx

konrad.sopala · August 27, 2019, 1:55pm

Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?