I received the mail below.
Starting June 30, 2022, apps submitted to the App Store that support account creation must also include an option to initiate account deletion.
We noticed this app may support account creation. If it already offers account deletion or you’re working to implement it, we appreciate your efforts to follow the App Store Review Guidelines. Apps submitted after June 30 that do not comply with the account deletion requirements in guideline 5.1.1(v) will not pass review.
However, the revoke api is not working properly. Even if you throw an incorrect key value, 200 is always returned.
Is the API working properly? What should I do?
Also complicating things, the AuthorizationCode expires after 10 minutes. So apparently the only way to get a new code to revoke the user's token is for them to sign in again, which is a strange user experience when they are trying to delete their account and revoke authentication.