I’m trying to allow users to delete themselves from Auth0 from a Next.js app. It doesn’t look possible with the @auth0/nextjs-auth0 library as I documented here. So, I’m now trying to do it still from Next.js using the node-auth0 library following this solution:
```javascript
management.users.delete({ id: USER_ID }, function (err) {
  if (err) {
    // Handle error.
  }
  // User deleted.
});
```
However, I can’t seem to access the Auth0 Management API.
I tried this from the node-auth0 docs, adapted for Next.js:
```javascript
import { AuthenticationClient, ManagementClient } from 'auth0'

const management = new ManagementClient({
  token: access_token,
  domain: `${process.env.AUTH0_DOMAIN}`,
  clientId: `${process.env.AUTH0_MANAGEMENT_API_TEST_CLIENTID}`,
  clientSecret: `${process.env.AUTH0_MANAGEMENT_API_TEST_SECRET}`,
  scope: 'read:users update:users'
});

// Testing if I can get users
management.getUsers(function(err, users) {
  if (err) {
    // handle error.
  }
  console.log(users);
});
```
It says in the node-auth0 docs that “you can request a token when the user authenticates using any of our client side SDKs”. So I used the @auth0/nextjs-auth0 library’s getSession() method to get the client’s access token. This was invalid.
I then tried removing the token completely as the docs say “To obtain automatically a Management API token via the ManagementClient”. Still invalid token.
I then tried adding this, also adapted from the docs and after creating a machine-to-machine test application following the Management API Access Tokens docs and others related to it:
```javascript
const authClient = new AuthenticationClient({
  domain: `${process.env.AUTH0_DOMAIN}`,
  clientId: `${process.env.AUTH0_MANAGEMENT_API_TEST_CLIENTID}`,
  clientSecret: `${process.env.AUTH0_MANAGEMENT_API_TEST_SECRET}`,
});

await authClient.clientCredentialsGrant(
  {
    audience: `${process.env.AUTH0_AUDIENCE}`,
    // scope: 'create:client_grants'
  },
  (err, response) => {
    if (err) {
      return console.log(err)
    }
    const management = new ManagementClient({
      token: response.access_token,
      domain: `${process.env.AUTH0_DOMAIN}`,
      clientId: `${process.env.AUTH0_MANAGEMENT_API_TEST_CLIENTID}`,
      clientSecret: `${process.env.AUTH0_MANAGEMENT_API_TEST_SECRET}`,
      scope: 'read:users update:users'
    });
    management.getUsers(function(err, users) {
      if (err) {
        // handle error.
      }
      console.log(users);
    });
  }
);
```
Now I had an access token that seems to work but it doesn’t return any users at all.
I tried a lot of things, can’t remember them all. At one point the stack trace said to try creating a client grant so I read those docs too but don’t know yet how they fit into the puzzle.
Most of the examples and tutorials online tell us how to connect, create, and update, but stop short of delete.
What am I doing wrong? Anyone got a working example?
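Added example, not part of the original post and not Auth0's own code: a small Node diagnostic that decodes an access token's claims and lists why the Management API would not accept it for a given operation. The Management API audience is `https://<tenant domain>/api/v2/` and deleting a user needs the `delete:users` scope, which the scope strings in the post do not include. The function names, tenant domain and sample tokens below are constructed for illustration.

```javascript
// Diagnostic only: decodes the payload WITHOUT verifying the signature.
// Use it to inspect your own tokens, never to authorize a request.

// Decode a JWT payload; returns null for opaque (non-JWT) tokens.
function decodeClaims(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch {
    return null;
  }
}

// List the reasons a token is unusable for the Management API with the
// required scopes. An empty list means audience, expiry and scopes look right.
function managementTokenProblems(token, domain, requiredScopes,
                                 nowSec = Math.floor(Date.now() / 1000)) {
  const claims = decodeClaims(token);
  if (!claims) return ['not a JWT (opaque token, not issued for an API audience)'];
  const problems = [];
  const expectedAud = `https://${domain}/api/v2/`;
  const aud = [].concat(claims.aud ?? []); // aud may be a string or an array
  if (!aud.includes(expectedAud)) {
    problems.push(`aud is ${JSON.stringify(claims.aud)}, expected ${expectedAud}`);
  }
  if (typeof claims.exp === 'number' && claims.exp <= nowSec) problems.push('token expired');
  const granted = new Set(String(claims.scope ?? '').split(' ').filter(Boolean));
  for (const s of requiredScopes) if (!granted.has(s)) problems.push(`missing scope ${s}`);
  return problems;
}

// Constructed sample tokens (fake signature, hypothetical tenant name).
const fakeJwt = (claims) =>
  [Buffer.from('{"alg":"RS256","typ":"JWT"}').toString('base64url'),
   Buffer.from(JSON.stringify(claims)).toString('base64url'), 'sig'].join('.');
const DOMAIN = 'example-tenant.us.auth0.com';
const m2mToken = fakeJwt({ aud: `https://${DOMAIN}/api/v2/`,
  scope: 'read:users update:users', exp: 4102444800 });
const userToken = fakeJwt({ aud: ['https://my-app/api', `https://${DOMAIN}/userinfo`],
  scope: 'openid profile', exp: 4102444800 });

console.log(managementTokenProblems(m2mToken, DOMAIN, ['read:users', 'delete:users']));
console.log(managementTokenProblems(userToken, DOMAIN, ['delete:users']));
console.log(managementTokenProblems('opaque-token-value', DOMAIN, ['delete:users']));
```

When wiring the actual delete call, take the user id from the server-side session (`session.user.sub`) rather than from the request body, so a signed-in user can only delete their own account.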