Secure flow to let user delete their own account

Hi @eva!

Welcome to the Auth0 Community!

We recommend using the client credentials flow via a backend process; see a related Community post’s solution here: Is it able to get management API access token and call management APIs via a React Native mobile application?

More specifically, you can do this with the Management API with an M2M token following this doc. You could create a self-hosted API with an endpoint that is configured to get an M2M token with the appropriate scopes for the Management API in the backend. Given that the API is hosted on the server, the client secret can be stored there securely. If an end-user from your app requests account deletion, then you call out to your API endpoint passing the logged-in user_id across. You could configure the endpoint to delete the account via the Management API’s Delete a User endpoint, and then you redirect the user to the logout endpoint.

Please let me know if you have any additional questions!

Best,

Mary Beth
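The backend flow described in the reply above, as an added example that is not part of the original post and is not Auth0's own code. It assumes the API's middleware has already validated the caller's access token, and it checks the passed `user_id` against that token's `sub` claim before deleting anything. The `http` transport callable, `FakeTenant`, `CFG` and the function names are hypothetical.

```python
import urllib.parse

class Forbidden(Exception):
    """The request names an account other than the caller's own."""

def get_m2m_token(http, cfg):
    # Client credentials grant: the client secret never leaves the server.
    status, body = http("POST", f"https://{cfg['domain']}/oauth/token", {}, {
        "grant_type": "client_credentials",
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
        "audience": f"https://{cfg['domain']}/api/v2/",
    })
    if status != 200:
        raise RuntimeError(f"token request failed with HTTP {status}")
    return body["access_token"]

def delete_own_account(http, cfg, verified_claims, requested_user_id):
    # verified_claims: claims of the caller's access token, assumed to be
    # already signature/audience/expiry-checked by the API's middleware.
    sub = verified_claims.get("sub")
    if not sub or sub != requested_user_id:
        raise Forbidden("user_id does not match the authenticated caller")
    token = get_m2m_token(http, cfg)  # M2M app needs only delete:users
    # user_ids contain "|" (e.g. "auth0|..."), so percent-encode the path part.
    uid = urllib.parse.quote(sub, safe="")
    status, _ = http("DELETE", f"https://{cfg['domain']}/api/v2/users/{uid}",
                     {"Authorization": f"Bearer {token}"}, None)
    if status != 204:
        raise RuntimeError(f"delete failed with HTTP {status}")
    return True

class FakeTenant:
    """Constructed stand-in for the tenant so the example runs offline."""
    def __init__(self):
        self.calls = []
    def __call__(self, method, url, headers, body):
        self.calls.append((method, url, headers))
        if method == "POST" and url.endswith("/oauth/token"):
            return 200, {"access_token": "constructed-m2m-token"}
        return 204, None

CFG = {"domain": "tenant.example.com", "client_id": "PLACEHOLDER_ID",
       "client_secret": "PLACEHOLDER_SECRET"}

if __name__ == "__main__":
    tenant = FakeTenant()
    print(delete_own_account(tenant, CFG, {"sub": "auth0|123"}, "auth0|123"))
```

In a real deployment `http` would wrap an HTTPS client, and the handler would redirect the user to the logout endpoint after a successful delete.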