Hi Dan. Thanks for your reply.
No, I’m not using Auth0. At this point I think that’s not possible in my system. My server-side relies on having credentials for a users cloud storage system (e.g., Dropbox, Google Drive) in order to access that cloud storage. It would be insufficient to just have Auth0 credentials.
It sounds like Auth0 uses Apple Sign In only for initially establishing an account, and from then on relies other credentials (SIWA?). I’m curious about what happens if a user revokes access for the application for Apple Sign In. Is that detected by Auth0? If so, how and when is that detected?
This detection of revocation is one of my concerns about Apple Sign In for my use case. It seems there are only limited opportunities to programmatically learn about when such a revocation occurs. More specifically, it seems this can typically only occur server-side and once every 24 hours. (See Apple Developer Documentation).
I’d appreciate any more insights you can provide.
Thanks,
Chris.