Appraysal
WARNING | Likely | Guideline 4.8 | iOS | Design

SIWA Token Revocation on Account Deletion

When users delete their account, apps must revoke the Sign in with Apple token to fully disassociate the Apple ID.

Quick Fix

When deleting a user account that was created via Sign in with Apple, call Apple's token revocation endpoint (https://appleid.apple.com/auth/revoke) to fully disassociate the Apple ID from your app.
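
The revocation call from the Quick Fix, as an added example that is not code from this page or from Apple: server-side Python that builds the form-encoded POST and only deletes the account once the token is revoked. The user record layout, the `drop_user` callback and the keep-the-record-on-failure policy are assumptions, and `client_secret` (an ES256 JWT signed with the developer key) is assumed to be generated elsewhere.

```python
import urllib.error
import urllib.parse
import urllib.request

REVOKE_URL = "https://appleid.apple.com/auth/revoke"  # endpoint named on this page


def build_revoke_request(client_id, client_secret, token, hint="refresh_token"):
    """Build the form-encoded POST for the revoke endpoint (nothing is sent)."""
    if hint not in ("refresh_token", "access_token"):
        raise ValueError("token_type_hint must be refresh_token or access_token")
    body = urllib.parse.urlencode({
        "client_id": client_id,          # app bundle ID or Services ID
        "client_secret": client_secret,  # ES256 JWT, generated elsewhere (assumed)
        "token": token,
        "token_type_hint": hint,
    }).encode("ascii")
    return urllib.request.Request(
        REVOKE_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def revoke_token(request, opener=urllib.request.urlopen):
    """Return True only when the endpoint answers HTTP 200."""
    try:
        with opener(request, timeout=10) as resp:
            return resp.status == 200
    except urllib.error.URLError:  # HTTPError (4xx/5xx) is a subclass
        return False


def delete_account(user, client_id, client_secret, drop_user,
                   opener=urllib.request.urlopen):
    """Revoke first, then delete; keep the record on failure so it can be retried.

    `user` is a hypothetical dict with "id" and, for Sign in with Apple
    accounts, "apple_refresh_token"; `drop_user` is a hypothetical callback.
    """
    token = user.get("apple_refresh_token")
    if token:  # account was created via Sign in with Apple
        request = build_revoke_request(client_id, client_secret, token)
        if not revoke_token(request, opener):
            return "revocation_failed"
    drop_user(user["id"])
    return "deleted"
```

Passing `opener` as a parameter lets the flow be exercised offline with a stub in place of the network call.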

What Gets Detected

Detection Type: CODE PATTERN
Triggers (any of these):
deleteAccount, deleteUser, removeAccount
Required if triggered (any of these fixes it):
appleid.apple.com/auth/revoke, revokeToken, ASAuthorizationAppleIDProvider.getCredentialState
