
Delete user fail (403 - unowned_resource)

management-api
delete-user

#1

Hi,
I can create/update users from my SPA but cannot delete a user.
My token seems to be OK:
{
  "iss": "https://xxx.auth0.com/",
  "sub": "auth0|5b4f010f8…",
  "aud": [
    "https://xxx.auth0.com/api/v2/",
    "https://xxx.auth0.com/userinfo"
  ],
  "iat": 1540543546,
  "exp": 1540550746,
  "azp": "VhguT…",
  "scope": "openid email profile update:current_user_metadata read:users create:users update:users delete:users read:roles read:user_idp_tokens update:users_app_metadata create:user_tickets"
}
I can do POST and PATCH with this token, but DELETE returns 403 (trying to delete a user other than the token's one).
Any idea?

thx

(DELETE https://xxx.auth0.com/api/v2/users/auth0|XXXXXXXXXXX using the same Authorization: Bearer header, working fine on POST and PUT)


#2

Rectification: I can only update the connected user itself; I get the same error when I try to update another user.
So, I may have misunderstood something…
I add scopes to my token using a rule; is that the problem?

thx