Problem Deleting User with Authentication API

I have a Cloud Code script that creates users to hold information about player groups (it’s poor architecture, but I have been outvoted). I am working on a script to delete those users as well. However, I get an authentication error when attempting the deletion. Could someone suggest what I might be doing wrong here?

Here is my Cloud Code script. It is based upon the Delete User section of the Client Authentication doc. I have a Service Account set up for the application with all 3 Authentication roles added.

const axios = require("axios-0.21");

module.exports = async ({ params, context, logger }) => {
  const { projectId, playerId, environmentId, accessToken } = context;
  const { groupId } = params;

  //Delete the user that owns the group (groupId)
  const deleteUserUrl = `https://player-auth.services.api.unity.com/v1/users/${groupId}`;
  const deleteUserConfig = {
    headers: {
      'Authorization': `Bearer ${accessToken}`,
      'ProjectId': projectId
    }
  };
  const response = await axios.delete(deleteUserUrl, deleteUserConfig);
};

And the response:

Invocation Error
------------------------------
Error: Request failed with status code 403

{
  "message": "Request failed with status code 403",
  "name": "Error",
  "request": {
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "Authorization": "Bearer <token removed>",
      "ProjectId": "0dde1dd5-2e55-41e7-9817-4d67dc48df47",
      "User-Agent": "axios/0.21.4"
    },
    "method": "delete",
    "url": "https://player-auth.services.api.unity.com/v1/users/uIsm6XYcsqAN9VZLOpEO18b06JsT"
  },
  "response": {
    "detail": "Access token is unauthorized.",
    "details": [],
    "status": 403,
    "title": "UNAUTHORIZED_REQUEST"
  }
}

Thanks for your help!
Travis

I think you need to pass in the “serviceToken”, not the accessToken. The accessToken only has permission related to that player’s account and cannot access other players’ data.

Hi Travis.

If you are calling the DELETE method on https://player-auth.services.api.unity.com/v1/users/${groupId}, then you would have to supply the player’s ID token to delete the player. This API specifically allows players to delete their own identities, but it’s important to note that deleting a player identity in this way will not delete their data in other parts of UGS. For example, if you use Cloud Save to store player data, then that data will remain unless you specifically call Cloud Save to also delete the player’s data.

Are you using Cloud Save to store the groupings of players? In that case, you should be calling Cloud Save to delete the data on player groupings.

Following the above, if you call the Cloud Code script using a Service Account token, then you would not have access to the player ID token in the context of a running Cloud Code script. This means that the only method to delete a player would be through the admin APIs. The admin APIs have stricter rate limiting in place, so I’d like to understand your specific use case a bit better before I would be able to offer more guidance there.

If you want to delete players’ identities, you have a couple of options. You could:

Let me know if that answered your questions.
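Added example (not part of the thread, and not Unity's code): a pre-flight check a script could run before calling the self-service delete endpoint, reflecting the replies above that a player's token only authorizes actions on that player's own identity. It assumes the token is a JWT whose `sub` claim holds the player ID; `checkSelfDelete`, `makeSampleToken` and the sample IDs are hypothetical and constructed.

```javascript
// Added example. Assumption: the player token is a compact JWT whose `sub`
// claim is the player ID. Decoding here is for diagnosis only; the signature
// is NOT verified, so this never replaces the server's authorization check.

function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (expected 3 segments)");
  // JWT segments are unpadded base64url; Node's Buffer decodes that directly.
  return JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
}

// Returns { ok, reason } describing whether `token` could plausibly authorize
// deleting `targetUserId` through a delete-own-identity endpoint.
function checkSelfDelete(token, targetUserId, nowSeconds = Math.floor(Date.now() / 1000)) {
  let claims;
  try {
    claims = decodeJwtPayload(token);
  } catch (e) {
    return { ok: false, reason: `malformed token: ${e.message}` };
  }
  if (typeof claims.exp === "number" && claims.exp <= nowSeconds) {
    return { ok: false, reason: "token expired" };
  }
  if (claims.sub !== targetUserId) {
    // The case in the question: the caller's token used against another user's ID.
    return { ok: false, reason: `token subject ${claims.sub} is not target ${targetUserId}` };
  }
  return { ok: true, reason: "token subject matches target" };
}

// Constructed sample token with a placeholder signature (not a real credential).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc({ alg: "RS256", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}

const sample = makeSampleToken({ sub: "player-A", exp: 2000000000 });
console.log(checkSelfDelete(sample, "player-A", 1700000000));     // own identity
console.log(checkSelfDelete(sample, "group-user-B", 1700000000)); // someone else's
```

When the check fails for a subject mismatch, the call needs service-level credentials rather than the player's token, as the replies describe.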

Thank you both for your replies. I have backed identity deletion out into a separate function which works great with service authentication. Thank you very much!

Hi,
I’m trying to implement the deletion of a player using the Admin Web API, but I can’t figure out which URL to use. I need to implement this for the Google Play Store account data deletion requirements.

I’m using Python on a backend server.

I’m able to delete the Cloud Saved data but not the player itself.

I tried the path as follows: https://services.api.unity.com/cloud-save/v1/data/projects/{self.project_id}/environments/{self.environment_id}/players/{player_id}

Using a DELETE request.

Any help appreciated.

SOLVED: found how to read the docs properly.

You’re welcome to share any insights about your solution, it might help people in the future! As well as that, do let us know if any part of the Documentation is not clear. We’re constantly trying to improve it!