As of WWDC 2021, there’s a new App Store Review guideline:
- 5.1.1(v): Apps supporting account creation must also offer account deletion.
What function in the RealmSwift SDK should I use to delete a user’s account (for example, that uses email authentication), to comply with this guideline?
Thanks.
In Europe this functionality is also required and is commonly called “the right to be forgotten”.
The following is not Swift specific, but I think the answer to your question can be generally found here:
Hmm, I’m surprised that dropping down to performing REST calls would be necessary here.
This is a function that ostensibly every app using Realm sync on the App Store must offer (or face rejection).
Would it be reasonable to expect therefore that this would be a part of the Swift SDK?
I have not found any function for deleting a user in any of the SDKs (Swift, RN, node, etc.). It seems the Realm Administration API is the only way to do this from within an application, but check the security implications: “Client applications should not use the admin API. Instead, use one of the Client SDKs for tasks like authenticating users, calling functions, and interacting with services.”
You could call the Realm Administration API via a server function.
Due to the pretty severe limitations of Realm email authentication, I am considering using Realm JWT authentication with a 3rd party provider such as Auth0 which is able to handle change of user email address, and import/export all users, both of which are not possible in Real email/password authentication.
Another alternative might be to use the Realm Custom Function authentication provider, which enables you to develop or use your own authentication scheme.
In both cases (JWT or Custom Function) the user would still need to be deleted from Realm, but it would not contain any identifiable information, like an email address.