Unlink apple and revoke authorization

We’re looking to make changes to comply with apple’s delete account requirements due to go in to effect at the end of June. We are able to successfully link an apple account with sign in with apple. When we unlink the apple account - it seems to remove the apple link id from the nakama account, but our app continues to be associated with apple sign in, and the user credentials continue to be authorized. Is it expected that when we unlink an apple account, the user authorization token is revoked? If not, how do we do that?

We are using nakama 3.10. Unity SDK 3.4.1, and testing with an ios 14.6 device.

The AppleSignInUnity asset we are using that generates the token, doesn’t seem to have any logout or revoke functionality. The apple revoke authentication REST api seems to be server to server so we’re not sure how to accomplish this.

Hi @oscargoldman,

as you mentioned, the unlink action will only remove the Apple link ID from the Nakama account. In order to revoke the token, you could create an RPC function with the revoking logic as a before/after hook to the unlink action.

Let me know if that solves your issue.

Thanks for you response. Does the unlinkAppleAsync clear the email field for the account too?

We have gone down the rabbit hole of using apple’s REST api to revoke the token but it seems to have no effect. We get a 200 OK response from the api, but when we start up our mobile app, according to our appleSignInManager, the stored credentials are still authorized. The only thing that seems to revoke the credentials is signing out of apple using the iOS settings menu for Apps Using Apple ID.
We’re expecting that once we hit the api with the correct values and get a 200 response, the credential status would be revoked, and we should also get a CredentialsRevoked callback.
This sounds like it’s out of the purview of Nakama, but if anyone else on the forum has had success with revoking apple authentication, we would greatly appreciate any information you have.

Thanks for you response. Does the unlinkAppleAsync clear the email field for the account too?

No, that specific function will only clear the apple_id field for the account.