My company has set up social connections (Apple, Google and Facebook), and we have been digging into an issue around users not receiving our company’s delete account confirmation email when they delete their account on our platform. The specific users were Apple Social Connection users that elected to hide their email (utilizing Apple Private Relay, documented here). After a full investigation we have come to the root cause: the emails are bouncing because our Apple App is disconnected [1] from the user, so the Apple Private Relay is bouncing the email. This seems to occur when an Apple Social user is deleted from Auth0. This same behavior does not seem to occur when a Facebook Social user is deleted, as the Apps and Websites entry is still Active on their Facebook profile.
Please help me understand if Auth0 is sending a request to Apple or all Social Connection platforms to unlink the user’s previous consent for an Auth0 customer’s application.
Is there documentation around how this works per social provider?
[1] On Mac go to System Preferences → Apple ID → iCloud → Hide My Email → Options
[2] Facebook Settings and Privacy → Settings → Apps and Websites
Apple created a new requirement earlier this year that when a user is deleted, a call has to be sent to a specific Apple API which can de-provision the user from that application. Long story short, this is unfortunately out of Auth0’s control as we are following the procedure laid out by Apple’s requirement which was implemented in June. You are correct in that Facebook and other social IDPs do not have this additional requirement.
I don’t believe there is any plan to document this behavior as Auth0 is just following the procedure required by Apple. It might be worth creating a feedback request though - I’m sure others will be running into the same issue! Our product team monitors these pretty closely, so if there is enough engagement they may be swayed to add something in our documentation.