[Openid-specs-ab] FYI: Apple is going to require token revocation on account deletion

[nov matake]

As a personal developer, I've asked Apple to change their guideline here.
https://developer.apple.com/contact/app-store/

I don't think they care about it though :p
> According to this news, you're starting to mandate Token Revocation on app's account deletion.
> https://developer.apple.com/news/?id=12m75xbj
> 
> However, not all apps are storing access nor refresh tokens after sign-in process completed, and token revocation is impossible in such case.
> 
> You should require token revocation only if the app is storing tokens.

iPhoneから送信

> 2022/06/20 12:57、Nat Sakimura <nat at digitalideas.tokyo>のメール:
> 
> 
> Interesting. We should talk about this in the next AB/C call. 
> 
> Sent with a Spark
> 2022年6月19日 21:36 -0600、nov matake via Openid-specs-ab <openid-specs-ab at lists.openid.net>のメール:
>> Hi,
>> 
>> Apple starts requiring app developers to call their token revocation API on account deletion, if the app is using Sign-in with Apple.
>> https://developer.apple.com/news/?id=12m75xbj
>> 
>> Since not all apps are storing access nor refresh tokens after the sign-in process completed, it seems unavailable for them.
>> 
>> Does anyone have communication channel with Apple to discuss this issue?
>> 
>> thanks
>> 
>> nov
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net
>> https://lists.openid.net/mailman/listinfo/openid-specs-ab
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20220620/512d7088/attachment.html>