Loading

Allowing Mobile Publisher for Experience Cloud App Users to Initiate Deletion of Their Data

Fecha de publicación: Jun 4, 2026
Descripción

This knowledge article contains important information about:
 


Who's Impacted by the Apple Review Guideline and Google Play Policy?

Your iOS or Android Mobile Publisher for Experience Cloud app is impacted if its associated Experience Cloud site allows guest users to self-register.

Apple may reject Mobile Publisher for Experience Cloud apps associated with those sites that are submitted to the App Store, after June 30, 2022. Similarly, Google may reject Mobile Publisher for Experience Cloud apps associated with those sites that are submitted to Google Play, after December 7, 2023.

In both cases, your app can be rejected even if the submission consists of an update to an app that's already published. 

Solución

What Action to Take if Impacted?

Before June 30, 2022 for iOS apps and before December 7, 2023 for Android apps, you need to allow your users to initiate the deletion of their data from within the Experience Cloud site. The process is:

  1. Enable the User Self Deactivate setting.

  2. Use the Customizable User Settings component to show users a  button to initiate the deletion of their data on their site’s My Settings page.

    It’s recommended that you customize the Deactivate Account Button label, and other Deactivate Account user settings, in the component’s property editor to use the term Delete rather than Deactivate. This customization ensures that you meet Apple’s account deletion requirements and Google’s account deletion requirements.

    You may not want to use the Customizable User Settings component to initiate the deletion of their data. For example, you may have special branding requirements. Instead, you can build your own custom component or use a Flow component. See the example below for details on using a Flow component for this purpose.

  3. After a user initiates the deletion of their data, delete all the user’s data stored in the Salesforce platform, as per your local data protection and privacy regulations. For information on deleting user data from the Salesforce platform, refer to Data Deletion for Experience Cloud Sites, Data Deletion for the Salesforce Platform, and Let Users Scramble Their User Data.

    You can also use a Flow component to receive a notification when a user initiates deletion of their data, as explained below.

    Using an Apex query, you can programatically revoke the app user’s OAuth access token and delete their ThirdPartyAccountLink (TPAL). Note that Apex queries that return multiple tokens and TPALs, can result in performance issues and rapidly reach the transaction limit. You can get around this limit by performing queries in a batch job. Examples are shown below.

 

Example: Use a Flow Component to Allow Users to Initiate Deletion of their Data

The recommended method for allowing users to initiate the deletion of their data is by using the Customizable User Settings component. However, you may want to instead use a Flow component, as explained here.

  1. Assign the Run Flows user permission to your site users.
  2. Build the new flow.
  3. Choose Screen Flow for the flow type, and then click Create.
  4. Add the Update Records element to the canvas.
  5. In the New Update Records window, specify the following information and then click Done.
    1. Label: Initiate External User Data Deletion
      1. API Name: Initiate_External_User_Data_Deletion.
      2. Select Specify conditions to identify records, and set fields individually
      3. Object: User
        1. Filter User Records 
          1. Field: Id
          2. Operator: Equals
          3. Value: {$User.Id}
          4. Set Field Values for the User Records
          5. Field: isActive
          6. Value: {!$GlobalConstant.False}
  6. Click Save.
  7. In the Save the flow window, specify the following information and then click Save.
    1. Flow Label: Initiate External User Data Deletion
    2. Flow API Name: Initiate_External_User_Data_Deletion
  8. Click Activate
  9. Using Experience Builder, add the Flow component to your site.
    For this example, it’s recommended that you don’t directly add the Flow component to the User Settings page. Instead, update the flow to add at least a start screen, so that the data deletion doesn't occur as soon as the page is displayed or the flow launched. Then add the Flow component to a new page and link to that page from the User Settings page.
  10. Select the Flow component.
  11. In the component’s property editor, select Initiate External User Data Deletion from the Flow dropdown menu.
  12. If you're using audience targeting, make sure that the user identified to test the app has access to the page containing the Flow component
  13. Publish the site.
 

Example: Use a Flow Component for Notification that a User has Initiated the Deletion of their Data

You need to know if a user has initiated the deletion of their data, so that you can then delete their data. One way to do this is by modifying the flow created in the previous example.

  1. Using Flow Builder, select the Initiate External User Data Deletion flow.
  2. On the canvas, add the Action element below the Update Records element.
  3. In the New Action window, specify the following information and then click Done.
    1. Action: Send Email
    2. Label: Send email
    3. API Name: Send_Email
    4. Body: This user has self-deactivated their account: {!$User.Id}  
    5. Subject: New deactivated user
    6. Email Addresses (comma-separated): Enter the email recipient, for example, the org admin's email.
  4. Click Save and then Activate.

Example: Use Apex to Revoke User’s OAuth Access Token

Query the OauthToken object with the userId of the user who wants to initiate deletion of their account. You can filter the query by appName to return the app tokens you want. If you are using flows, note that flows do not allow create, update, or delete actions to be taken in the same transaction (which is a single method in Apex) as a lookup or callout.

public void revokeToken(String userId){   
    //Look up OauthTokens for the user
    List< OauthToken > tokens = [SELECT ID, DeleteToken FROM OauthToken 
        WHERE userid =: userId AND AppName = '<AppName>';

    //Contruct the url to hit the revoke token endpoint with desired token
    String baseUrl = '<base myDomain>';
    String revokeEndpoint = '/services/oauth2/revoke?token=';
    String tokenEncoded = EncodingUtil.URLENCODE(tokens[0].DeleteToken,'UTF-8');
    baseUrl += revokeEndpoint += tokenEncoded;

    //Http request to actualy hit the endpoint
    HttpRequest req = new HttpRequest();
    req.setEndpoint(URL);
    req.setHeader('Content-Type','application/x-www-form-urlencoded');
    req.setMethod('GET');

    Http http = new Http();
    HttpResponse res = http.send(req);
    system.debug('Response was: '+res);
        
}

Example: Use Apex to Delete the the ThirdPartyAccountLink (TPAL)

Use the userId of the user who wants to initiate deletion of their account to query for all associated TPALs. The query then deletes each returned TPAL.

A few things to note:

  • The database table has an index on the OrganizationId, SsoProviderId, Provider, and userId (parentId) fields. Since the query includes these fields in the where clause (OrganizationId is used automatically), the index can be used for optimization.
  • Make sure you have the ManageUsers user permission (otherwise, you are calling your own userId).
  • The org must have the EditThirdPartyAccountLink org permission.
List<ThirdPartyAccountLink> tpals = [select Id, UserId, SsoProviderId, Provider, RemoteIdentifier from ThirdPartyAccountLink where UserId = '005xx00000#####'];
for (ThirdPartyAccountLink tpal : tpals) {
Auth.AuthToken.revokeAccess(tpal.SsoProviderId, tpal.Provider, tpal.UserId, tpal.RemoteIdentifier);
}

Where Can I Ask Questions about this Change?

Open a support case and make sure that you mention this knowledge article.
 
Número del artículo de conocimiento

000392376

 
Cargando
Salesforce Help | Article