Delete user fail (403 - unowned_resource)

I can create/update users from my SPA but not delete user.
My token seems to be OK :
“iss”: “”,
“sub”: “auth0|5b4f010f8…”,
“aud”: [”,
“iat”: 1540543546,
“exp”: 1540550746,
“azp”: “VhguT…”,
“scope”: “openid email profile update:current_user_metadata read:users create:users update:users delete:users read:roles read:user_idp_tokens update:users_app_metadata create:user_tickets”
I can do POST and PATCH with this token but delete return 403 (try to delete an other user than token’s one)
any Idea ?


(DELETE|XXXXXXXXXXX using same Authorization:

Bearer header, working fine on POST and PUT)

Rectification : I can only update connected user itself, got same error when I try to update an other user
So, I may have misunderstood something…
I add scopes to my token using a rule, is it the matter ?


Hey there!

Sorry for such huge delay in response! We’re doing our best in providing you with best developer support experience out there, but sometimes our bandwidth is not enough comparing to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?