I am developing a mobile app and using Auth0 as my authentication provider. Currently, I am in a stage of development where I have started internal testing on Google Play Console, and I saw that I have to provide a link for the user to be able to delete their account without using the mobile app. As my app requires registering, I am required to have that functionality. I am using Spring Boot for the backend, but I wasn’t able to find any reasonable way of implementing the required functionality. I am aware that I have to create some kind of web app, which was part of the further plan, but it seems that it will have to be done earlier than planned. My frontend of choice is Angular for now, as I am planning to create a Web version of the app, but I wasn’t able to implement the needed feature yet.
What I have tried:
I created an MTM application on Auth0 so I would be able to consume the Auth0 Management API from the Spring backend API. The idea is that both the mobile app and web app would be able to consume the API to delete an account and user data in the database. The backend is already registered as an API on Auth0 so that authorized applications can access it. For that, I am using okta-spring-boot-starter, and I am interested if there is anything similar for consuming the Auth0 Management API or if the Java code snippet from Get Management API Access Tokens for Production is the only way. Then the Angular frontend could access the API, registered as an SPA application in Auth0.
If my approach is correct, I would greatly appreciate any help on how to consume the Auth0 Management API from the Spring API securely. If not, is there a better and more secure way of providing the user with a way to delete their account via a website?
Any help would be greatly appreciated.
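
The approach described in the question, sketched as an added example that is not part of the original post and not Auth0's own code: a Spring endpoint that deletes only the caller's own account by taking the user id from the validated access token. It assumes the backend is already a JWT resource server, that the M2M application is granted only the `delete:users` scope, and that the endpoint path and environment variable names (hypothetical) suit your setup.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.*;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.web.bind.annotation.*;

@RestController
public class AccountDeletionController {
    // Assumed names: the M2M credentials live in the environment, never in the SPA or mobile app.
    private final String domain = System.getenv("AUTH0_DOMAIN");
    private final String clientId = System.getenv("AUTH0_M2M_CLIENT_ID");
    private final String clientSecret = System.getenv("AUTH0_M2M_CLIENT_SECRET");
    private final HttpClient http = HttpClient.newHttpClient();
    private final ObjectMapper json = new ObjectMapper();

    // The user id comes from the token's "sub" claim, not from a path variable or request body,
    // so an authenticated caller cannot ask the backend to delete someone else's account.
    @DeleteMapping("/api/account")
    public ResponseEntity<Void> deleteOwnAccount(@AuthenticationPrincipal Jwt jwt) throws Exception {
        String userId = URLEncoder.encode(jwt.getSubject(), StandardCharsets.UTF_8);
        // Delete the user's rows in your own database here, before removing the identity.
        HttpRequest req = HttpRequest.newBuilder()
            .uri(URI.create("https://" + domain + "/api/v2/users/" + userId))
            .header("Authorization", "Bearer " + managementToken())
            .DELETE().build();
        int status = http.send(req, HttpResponse.BodyHandlers.discarding()).statusCode();
        return ResponseEntity.status(status == 204 ? 204 : 502).build();
    }

    // Client-credentials grant for the Management API; cache the token until it expires in real use.
    private String managementToken() throws Exception {
        String body = json.writeValueAsString(Map.of(
            "grant_type", "client_credentials",
            "client_id", clientId,
            "client_secret", clientSecret,
            "audience", "https://" + domain + "/api/v2/"));
        HttpRequest req = HttpRequest.newBuilder()
            .uri(URI.create("https://" + domain + "/oauth/token"))
            .header("Content-Type", "application/json")
            .POST(HttpRequest.BodyPublishers.ofString(body)).build();
        HttpResponse<String> res = http.send(req, HttpResponse.BodyHandlers.ofString());
        if (res.statusCode() != 200) throw new IllegalStateException("Token request failed: " + res.statusCode());
        return json.readTree(res.body()).get("access_token").asText();
    }
}
```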