Description
In short: is there a library recommended way to revoke the auth token upon deleting user accounts for Android, like there is a recommended way for iOS?
I have reviewed the README and the additional Android documentation and can’t seem to see it. Apologies in advance if I’ve missed anything and thanks in advance for the help.
"react-native": "0.76.5"
"expo": "^52.0.23"
"@invertase/react-native-apple-authentication": "^2.4.0"
I’ve implemented sign in via Apple auth with rn-firebase and react-native-apple-authentication. I find it works a charm on iOS both when signing in as well as when the user deletes their account. As encouraged in the documentation, I am revoking the token upon delete.
As for Android, I’ve implemented the code for sign in and it works well. However, when I go to delete that account, which invokes the code to revoke the token, it doesn’t do anything. On iOS the same code triggers a confirmation to re-auth, after which it succeeds, whereas on Android the code doesn’t seem to progress past getting an authorization code:
```javascript
import auth from "@react-native-firebase/auth";
import firestore from "@react-native-firebase/firestore";
import { appleAuth } from "@invertase/react-native-apple-authentication";

const deleteAppleAccount = async () => {
  console.log("Deleting Apple account...");
  const currentUser = auth().currentUser;
  if (!currentUser) throw new Error("No authenticated user");
  console.log("Current user:", currentUser);

  // Revoke Apple token.
  // On iOS this request triggers a re-auth confirmation and returns a fresh
  // authorizationCode; on Android execution does not get past this call.
  const { authorizationCode } = await appleAuth.performRequest({
    requestedOperation: appleAuth.Operation.REFRESH,
  });
  console.log("Apple authorization code:", authorizationCode);
  if (!authorizationCode) {
    throw new Error(
      "Apple Revocation failed - no authorizationCode returned"
    );
  }
  await auth().revokeToken(authorizationCode);
  console.log("Apple access revoked successfully");

  // Delete user from Firestore
  await firestore().collection("users").doc(currentUser.uid).delete();
  console.log("Firestore user document deleted successfully");

  // Delete Firebase Auth account
  await currentUser?.delete();
  console.log("Firebase Auth user account deleted successfully");
};
```

Logs:
```
LOG Deleting Apple account..., UserProvider deleteAppleAccount
LOG Current user: {"displayName": null, "email": “khalil@****", "emailVerified": true, "isAnonymous": false, "metadata": {"creationTime": 1750875800308, "lastSignInTime": 1750875800308}, "multiFactor": {"enrolledFactors": [Array]}, "phoneNumber": null, "photoURL": null, "providerData": [[Object]], "providerId": "firebase", "tenantId": null, "uid": “Ev5***"}
```

Upon further reading, I can see that the REFRESH op doesn’t do on Android what it does on iOS. I’ve seen some suggestions to store the refresh token on sign in and then call https://appleid.apple.com/auth/revoke, but I would imagine the refresh token would expire, and also it doesn’t seem like a best practice.
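
For the approach mentioned at the end of the post (calling https://appleid.apple.com/auth/revoke with a stored token), this is what the request looks like when built on a backend, so the Apple signing key never ships inside the app. It is an added example, not code from the poster or from react-native-apple-authentication; the function names are hypothetical, and the team ID, client ID, key ID, key and token are constructed placeholders.

```javascript
// Added example, server-side Node.js (18+). Not part of the original post.
const crypto = require('node:crypto');

const APPLE_AUD = 'https://appleid.apple.com';
const REVOKE_URL = 'https://appleid.apple.com/auth/revoke';
const b64url = (s) => Buffer.from(s).toString('base64url');

// The client secret is a short-lived ES256 JWT signed with the Sign in with Apple key.
function makeClientSecret({ teamId, clientId, keyId, privateKey }, ttlSec = 300) {
  const iat = Math.floor(Date.now() / 1000);
  const header = { alg: 'ES256', kid: keyId };
  const claims = { iss: teamId, iat, exp: iat + ttlSec, aud: APPLE_AUD, sub: clientId };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS needs the raw 64-byte r||s signature, not Node's default DER encoding.
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${sig.toString('base64url')}`;
}

// Builds the form-encoded POST without sending it, so it can be inspected and tested.
function buildRevokeRequest(cfg, token, tokenTypeHint = 'refresh_token') {
  if (!token) throw new Error('no Apple token stored for this user');
  const body = new URLSearchParams({
    client_id: cfg.clientId, // must be the identifier the token was issued to
    client_secret: makeClientSecret(cfg),
    token,
    token_type_hint: tokenTypeHint,
  });
  return {
    url: REVOKE_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Sends the request; treat any non-200 answer as a failed revocation.
async function revokeAppleToken(cfg, token, tokenTypeHint) {
  const { url, ...init } = buildRevokeRequest(cfg, token, tokenTypeHint);
  const res = await fetch(url, init);
  if (res.status !== 200) throw new Error(`Apple revoke failed: HTTP ${res.status}`);
}

// Constructed sample values: throwaway P-256 key and placeholder identifiers.
const { privateKey: samplePrivateKey, publicKey: samplePublicKey } =
  crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const sampleCfg = { teamId: 'TEAMID0000', clientId: 'com.example.app',
  keyId: 'KEYID00000', privateKey: samplePrivateKey };
const sampleRequest = buildRevokeRequest(sampleCfg, 'constructed-refresh-token');
console.log(sampleRequest.url, sampleRequest.body.length);
```

Calling `revokeAppleToken` before deleting the Firestore document and the Firebase Auth user keeps the same ordering as the function in the post, so a failed revocation leaves the account intact for a retry.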