
Unowned resource when trying to access user management API


#1

Hi, I’m getting this now when trying to use the API: api/v2/users/{userId}
This is after fetching a client credentials token; trying to fetch the details of a specific user.
Pretty sure I ticked all the boxes; not sure what to try next.

{
    "statusCode": 403,
    "error": "Forbidden",
    "message": "User to be acted on does not match subject in bearer token.",
    "errorCode": "unowned_resource"
}

#2

:wave: @gilbert If you decode the token through jwt.io, for example, you will be able to view the payload data (the issuer `iss` claim, the subject of the token `sub` claim, etc.). The issuer claim should be your Auth0 domain, the audience claim should be the Management API like https://tenant-name.auth0.com/api/v2/, the sub claim should be your client, along with all the scopes listed under `scope`. Without any further details, I can’t say exactly why the Management API is failing with the error message that you’re seeing, but it seems the token you are sending is incorrect. To be able to call that API endpoint you’ll need to have an Auth0 Management API v2 token.

This document may be helpful:
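
Added example, not part of the original thread or Auth0's own code: a local check of the claims reply #2 lists (`iss`, `aud`, `sub`, `scope`), run against two constructed sample tokens, one complete and one with claims missing. The function names, the `@clients` suffix test for a client-credentials `sub`, and the `read:users` scope are assumptions that the thread does not state.

```python
import base64
import json


def decode_payload(token):
    """Decode a JWT payload locally. No signature check: inspection only."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def check_management_token(token, tenant_domain, needed_scope="read:users"):
    """Return a list of problems with the claims named in reply #2."""
    claims = decode_payload(token)
    problems = []
    issuer = f"https://{tenant_domain}/"
    audience = f"https://{tenant_domain}/api/v2/"
    if claims.get("iss") != issuer:
        problems.append(f"iss is {claims.get('iss')!r}, expected {issuer!r}")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        problems.append(f"aud is {aud!r}, expected {audience!r}")
    sub = str(claims.get("sub", ""))
    if not sub.endswith("@clients"):  # assumed client-credentials sub format
        problems.append(f"sub is {sub!r}, not a client (<client_id>@clients)")
    scopes = str(claims.get("scope", "")).split()
    if needed_scope not in scopes:  # needed_scope is an assumption
        problems.append(f"scope lacks {needed_scope!r}, has {scopes}")
    return problems


def make_sample_token(claims):
    """Build an unsigned, constructed token for the demo (not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc({"alg": "none"})
    return f"{header}.{enc(claims)}.constructed-signature"


BASE = {"iss": "https://tenant-name.auth0.com/",
        "aud": "https://tenant-name.auth0.com/api/v2/"}
GOOD = make_sample_token({**BASE, "sub": "constructed-client-id@clients",
                          "scope": "read:users update:users"})
STRIPPED = make_sample_token({**BASE, "sub": "auth0|constructed-user"})

if __name__ == "__main__":
    for name, tok in (("good", GOOD), ("stripped", STRIPPED)):
        print(name, check_management_token(tok, "tenant-name.auth0.com"))
```
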


#3

Hi Kim,
I found my problem - I had a rule that was stripping claims from the tokens - got rid of the rule, now all working.

Thanks for your quick response.

~gilbert


#4

Actually, now it’s broken again; let’s keep this open until I get resolution.


#5

This is unlikely to be helpful to anyone; I ended up scrapping the Auth0 tenant and starting a new one.
Figured it had gotten into a state after me deleting and re-adding APIs & rules.