I have 2 questions regarding the ruby-auth0 toolkit.
Currently I’m testing the Auth0 management API through a machine-to-machine application with limited scope (update:users, delete:users, read:users_app_metadata, update:users_app_metadata, create:users_app_metadata).
The first action I’m trying out is deleting a user. I’m currently doing this with the following code:
```ruby
require 'auth0/auth0_api'

client = Auth0::Auth0Api.new(
  client_id: ENV['AUTH0_CLIENT_ID'],
  client_secret: ENV['AUTH0_SECRET'],
  domain: ENV['AUTH0_DOMAIN']
).client

client.delete_user(@user.uid)
```
This seems to work perfectly when passing a well formatted user_id. When the user exists, it gets deleted.
Though the return value of the delete_user method is just an empty string.
You are unable to check if the user is indeed deleted.
I tried this by passing a well formatted user_id, but that user_id is non-existent. In that case, I also get an empty string returned from the delete_user method. When I capture the HTTP response, I see Auth0 returns a 204 status with no content.
Is there a reason why there is no 404 response when a user could not be found, or at least getting a return value from the delete_user method that can be used to check if a user is properly deleted?
Another related question is whether the usage of the Auth0 management API is the correct way to be using the API for user data manipulations (updating user info, closing user account).
The idea would be that the logged in user should update its own data or close it. So perhaps this should be done in another way, where API calls are automatically only applicable on the currently logged in user space.
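
An added example, not part of the original post or of ruby-auth0: since the delete call returns the same empty 204 result whether or not the user existed, one way to get a verifiable outcome is to look the user up before and after deleting. `FakeManagementClient`, `UserNotFound` and `delete_and_confirm` are hypothetical names; it is assumed the real client offers a lookup that raises a not-found error for unknown ids, which would need a read scope beyond the scope list above.

```ruby
# Stand-in for the client's 404 error class (assumption; pass the real one via not_found:).
class UserNotFound < StandardError; end

# Constructed in-memory stand-in for the Management API client so this runs offline.
class FakeManagementClient
  def initialize(ids)
    @ids = ids.dup
  end

  # Lookup raises when the id is unknown (assumed behaviour of the real client).
  def user(id)
    raise UserNotFound, id unless @ids.include?(id)
    { 'user_id' => id }
  end

  # Mirrors the post: an empty string comes back whether or not the user existed.
  def delete_user(id)
    @ids.delete(id)
    ''
  end
end

# Returns :deleted, :not_found or :still_present instead of an empty string.
# The lookup/delete pair is not atomic, so treat the result as a best-effort
# confirmation suitable for audit logging, not as a lock.
def delete_and_confirm(client, user_id, not_found: UserNotFound)
  # Refuse blank ids up front so a nil uid can never reach the delete endpoint.
  raise ArgumentError, 'user_id required' if user_id.to_s.strip.empty?

  begin
    client.user(user_id)
  rescue not_found
    return :not_found
  end

  client.delete_user(user_id)

  begin
    client.user(user_id)
    :still_present
  rescue not_found
    :deleted
  end
end
```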