Problem Statement:
We created an M2M Application and a new API. In the API, we added the “current_user” scope. When requesting token for the M2M app, we received HTTP 403 responses error for user read requests.
com.auth0.exception.APIException: Request failed with status code 403: User to be acted on does not match the subject in bearer token.
Solution:
If any current_user scope is added to the API, the token will be treated as a non-M2M token and sub will be checked, so please omit current_user scopes when requesting the tokens for the M2M app.