Today is the initial deadline to implement token revocation when user deletes account. Was it moved due to unclear requirements or it is not enforced at all?

I would also like to see an official Apple explanation about this feature. I assume Apple wants to stop users from using Apple ID for login in to the app after they delete account. At least this would make sense to me. We also use only public key in the current implementation, so we had to obtain access token and then revoke it. The result confirmed that after revocation users can no longer use apple ID for SIWA in this particular app. And the app disappeared from the "Apps using Apple ID" list. So basically calling "/revoke" is equivalent to "Stop using Apple ID" button in the Apple ID settings. So basically what we did was: Create client secret (construct and sign JWT) Create access token "/tokens" Revoke token "/revoke" Apple documentation is good for this steps and you can easily find all info. It just fails to explain what is expected for the new requirement.