Apple token revocation upon user deletion | Firebase


I’ve implemented Apple Sign In in my app and I’m working on user deletion. In particular, I’m wondering if anybody has implemented the token revocation when a user deletes their account?

I understand the basics of what goes while implementing the native AppleSign in button:

// native Sign in with Apple button from AuthenticationServices SDK
                              onRequest: avm.handleSignInWithAppleRequest,
                              onCompletion: avm.handleSignInWithAppleCompletion)

And it works great!

But now I’m struggling to revoke the token when a user deletes their account.

Based on the documentation, I’m supposed to make them reauthenticate again in order to collect their authorizationCode from their AppleIDCredential and then simply call Firebase SDK to delete their token like this:

try await Auth.auth().revokeToken(withAuthorizationCode: authCodeString)

However, the logic of obtaining the AppleIDCredential is abstracted away in the native SignInWithApple button and I don’t how to make this happen without this button. Obviously, I need this to happen from a “delete account” button. So I can’t use the code from the Firebase documentation as is.

Since June 2022, this is a requirement for all apps on the App Store that use Apple Sign In, so I’m hoping somebody has successfully solved that…

Many thanks!

Update: I think I’ve been looking at this the wrong way. The whole point is to re-authenticate the user, so in the user journey of deleting their account it makes sense to show the Apple Sign In button, from which I can call the method to revoke the token. Problem solved.