<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto">As a personal developer, I've asked Apple to change their guideline here.<div><a href="https://developer.apple.com/contact/app-store/">https://developer.apple.com/contact/app-store/</a></div><div><br></div><div>I don't think they care about it though :p</div><div><div><p dir="auto" style="box-sizing: border-box; margin-top: 0px; margin-bottom: 16px; caret-color: rgb(87, 96, 106); color: rgb(87, 96, 106); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 14px; -webkit-text-size-adjust: 100%;"></p><blockquote type="cite"><p dir="auto" style="box-sizing: border-box; margin-top: 0px; margin-bottom: 16px; caret-color: rgb(87, 96, 106); color: rgb(87, 96, 106); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 14px; -webkit-text-size-adjust: 100%;">According to this news, you're starting to mandate Token Revocation on an app's account deletion.<br style="box-sizing: border-box;"><a href="https://developer.apple.com/news/?id=12m75xbj" rel="nofollow" style="box-sizing: border-box; color: var(--color-accent-fg); text-decoration: none; transition: color 80ms cubic-bezier(0.33, 1, 0.68, 1) 0s, background-color 0s ease 0s, box-shadow 0s ease 0s, border-color 0s ease 0s;">https://developer.apple.com/news/?id=12m75xbj</a></p><p dir="auto" style="box-sizing: border-box; margin-top: 0px; margin-bottom: 16px; caret-color: rgb(87, 96, 106); color: rgb(87, 96, 106); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 14px; -webkit-text-size-adjust: 100%;">However, not all apps are storing access or refresh tokens after the sign-in process is completed, and token revocation is impossible in such a case.</p><p dir="auto" 
style="box-sizing: border-box; margin-top: 0px; margin-bottom: 0px; caret-color: rgb(87, 96, 106); color: rgb(87, 96, 106); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, Arial, sans-serif, "Apple Color Emoji", "Segoe UI Emoji"; font-size: 14px; -webkit-text-size-adjust: 100%;">You should require token revocation only if the app is storing tokens.</p></blockquote><br><div dir="ltr">Sent from iPhone</div><div dir="ltr"><br><blockquote type="cite">On 2022/06/20 12:57, Nat Sakimura <nat@digitalideas.tokyo> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr">
<div name="messageBodySection">
<div dir="auto">Interesting. We should talk about this in the next AB/C call. </div>
</div>
<div name="messageSignatureSection"><br>
Sent with a <a href="https://sparkmailapp.com/source?from=signature">Spark</a></div>
<div name="messageReplySection">On June 19, 2022 at 21:36 -0600, nov matake via Openid-specs-ab <openid-specs-ab@lists.openid.net> wrote:<br>
<blockquote type="cite" style="border-left-color: grey; border-left-width: thin; border-left-style: solid; margin: 5px 5px;padding-left: 10px;">Hi,
<div><br></div>
<div>Apple starts requiring app developers to call their token revocation API on account deletion, if the app is using Sign-in with Apple.
<div><a href="https://developer.apple.com/news/?id=12m75xbj">https://developer.apple.com/news/?id=12m75xbj</a></div>
<div><br></div>
<div>Since not all apps are storing access or refresh tokens after the sign-in process is completed, it seems unavailable for them.</div>
<div><br></div>
<div>Does anyone have a communication channel with Apple to discuss this issue?</div>
<div><br></div>
<div>thanks</div>
<div><br></div>
<div>nov</div>
</div>
_______________________________________________<br>
Openid-specs-ab mailing list<br>
Openid-specs-ab@lists.openid.net<br>
https://lists.openid.net/mailman/listinfo/openid-specs-ab<br></blockquote>
</div>
</div></blockquote></div></div></body></html>