Search Unity

  1. We are migrating the Unity Forums to Unity Discussions. On July 12, the Unity Forums will become read-only. On July 15, Unity Discussions will become read-only until July 18, when the new design and the migrated forum contents will go live. Read our full announcement for more information and let us know if you have any questions.

Question Problem Deleting User with Authentication API

Discussion in 'Cloud Code' started by traviswinegar, Mar 15, 2023.

  1. traviswinegar


    Nov 29, 2022
    I have a Cloud Code script that creates users to hold information about player groups (it's poor architecture, but I have been outvoted). I am working on a script to delete those users as well. However, I get an authentication error when attempting the deletion. Could someone suggest what I might be doing wrong here?

    Here is my Cloud Code script. It is based upon the Delete User section of the Clint Authentication doc. I have a Service Account set up for the application with all 3 Authentication roles added.

    Code (JavaScript):
    1. const axios = require("axios-0.21");
    3. module.exports = async ({ params, context, logger }) => {
    4.   const { projectId, playerId, environmentId, accessToken } = context;
    5.   const { groupId } = params;
    7.   //Delete the user that owns the group (groupId)
    8.   const deleteUserUrl = `${groupId}`;
    9.   const deleteUserConfig = {
    10.     headers: {
    11.       'Authorization': `Bearer ${accessToken}`,
    12.       'ProjectId': projectId
    13.     }
    14.   };
    15.   const response = await axios.delete(deleteUserUrl, deleteUserConfig);
    16. };

    And the response:

    Code (JavaScript):
    1. Invocation Error
    2. ------------------------------
    3. Error: Request failed with status code 403
    5. {
    6.   "message": "Request failed with status code 403",
    7.   "name": "Error",
    8.   "request": {
    9.     "headers": {
    10.       "Accept": "application/json, text/plain, */*",
    11.       "Authorization": "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InB1YmxpYzpBNTYwOTVEQS0xODJDLTQ1MjMtOUQyNS1DNzlEMzNBNEY5OUIiLCJ0eXAiOiJKV1QifQ.eyJhdWQiOlsiaWRkOjMzODhhNWVlLWU2MGUtNDJjYy1hMzQ0LWFlMDNmNGJmMzY0YSIsImVudk5hbWU6cHJvZHVjdGlvbiIsImVudklkOjc2ZWIxMGNmLWI3MjUtNDY0Yi05NWQyLWM0MDdjNmU1MDI1ZCIsInVwaWQ6MGRkZTFkZDUtMmU1NS00MWU3LTk4MTctNGQ2N2RjNDhkZjQ3Il0sImV4cCI6MTY3ODg5ODU3NSwiaWF0IjoxNjc4ODk0OTc1LCJpZGQiOiIzMzg4YTVlZS1lNjBlLTQyY2MtYTM0NC1hZTAzZjRiZjM2NGEiLCJpc3MiOiJodHRwczovL3BsYXllci1hdXRoLnNlcnZpY2VzLmFwaS51bml0eS5jb20iLCJqdGkiOiI5ZDhhYTllMy1kNjQyLTRjYTAtOWFmMC00YzU4YTljZGUwMDYiLCJuYmYiOjE2Nzg4OTQ5NzUsInByb2plY3RfaWQiOiIwZGRlMWRkNS0yZTU1LTQxZTctOTgxNy00ZDY3ZGM0OGRmNDciLCJzaWduX2luX3Byb3ZpZGVyIjoiYW5vbnltb3VzIiwic3ViIjoiU2tnaUNZSXNNZGxvVVhnYUl3a1VrZENyVVF4NSIsInRva2VuX3R5cGUiOiJhdXRoZW50aWNhdGlvbiIsInZlcnNpb24iOiIxIn0.yTb5mMxxvCaxVDpK18CMzW4nkF17VfbIkHEQQyzKRGU1txKT1CUTaZKyqXLx5rmVYLlTB1RwGbs6o65LjBumj1ivA4NPPc2E8PDj8y6_Yoib7bBJdV4oe7bG2nUEQxDyvHx4HHr1qaKDZtCXNzn3zU1_EC4jjMnoHa6GOenC2q7YSDug5IjvUX-4kA0zcHzh_7D3M382bWcfHGW2E587rdqNd0E1PdOEOdaprYjy4FQUUDbmrUb-H-cX_wOrVmVuRvHAT1TdfhxR3k2xDTqtXhhs_OCeQXtQXpGGKed-w95zhXAPEy20lultHQhqAz0W0AlK8NZCr8l2Ttl3b9Biyw",
    12.       "ProjectId": "0dde1dd5-2e55-41e7-9817-4d67dc48df47",
    13.       "User-Agent": "axios/0.21.4"
    14.     },
    15.     "method": "delete",
    16.     "url": ""
    17.   },
    18.   "response": {
    19.     "detail": "Access token is unauthorized.",
    20.     "details": [],
    21.     "status": 403,
    22.     "title": "UNAUTHORIZED_REQUEST"
    23.   }
    24. }
    Thanks for your help!
  2. lsaeteurn


    Jan 26, 2023
    I think you need to pass in the "serviceToken" not the accessToken. The accessToken only has permission related to that player's account and cannot access other player's data.
    Last edited: Mar 17, 2023
  3. francoisjjunity


    Unity Technologies

    Nov 23, 2020
    Hi Travis.

    If you are calling the DELETE method on `${groupId}`, then you would have to supply the player's ID token to delete the player. This API specifically allows players to delete their own identities, but it's important to note, that deleting a player identity in this way will not delete their data in other parts of UGS. For example, if you use Cloud Save to store player data, then that data will remain unless you specifically call Cloud Save to also delete the player's data.

    Are you using Cloud Save to store the groupings of players? In that case, you should be calling Cloud Save to delete the data on player groupings.

    Following the above, if you call the Cloud Code script using a Service Account token, then you would not have access to the player ID token in the context of a running Cloud Code script. This means that the only method to delete a player would be through the admin APIs. The admin APIs have stricter rate limiting in place, so I'd like to understand your specific use case a bit better before I would be able to offer more guidance there.

    If you want to delete player's identities you have a couple of options. You could:
    - Use the newly release CLI module, where we've recently release a player administration module Command Line/Commands/delete
    - Directly use the admin APIs with Service Account credentials. See and
    - Consider using the newly released Friends service to group players together!

    Let me know if that answered your questions.
  4. traviswinegar


    Nov 29, 2022
    Thank you both for your replies. I have backed identity deletion out into a separate function which works great with service authentication. Thank you very much!