What are your preferred methods to offer account deletion?
Building on this GH discussion on nextauth:
https://github.com/nextauthjs/next-auth/discussions/3935
Do you currently add your own with CSRF etc.? Would be curious to know if anyone here has some strong opinions on that.
GitHub
Add delete account API endpoint · Discussion #3935 · nextauthjs/nex...
There should be an endpoint at /api/auth/delete that deletes a user, all sessions and all account entries associated with that user. Like the signout endpoint, it should require a POST request with...
1 Reply
I haven't built anything that is public for people to be able to delete their accounts.
I know that there's some EU law about being able to delete your accounts though, so if you operate there you need to have that option.
Having it be built into nextauth seems weird; if it does come to exist it should have an easy way to opt out, because of potential things like if you want to:
- Require 2fa before deleting account
- Disable the account, but wait "x" days before actually deleting everything
- Delete all other related user data (EU laws require deleted accounts to have all user data related to that account deleted, I believe)
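
One way to combine the points raised in this thread (POST-only with a CSRF check, recent 2FA, disable first and purge after a grace period, deleting related user data), shown as an added example that is not part of the original posts and is not NextAuth code. The in-memory `db`, the request shape, the function names, the 14-day grace period and the 5-minute 2FA window are all assumptions.

```javascript
// Added example: framework-agnostic sketch; every name here is hypothetical, not a NextAuth API.
const GRACE_DAYS = 14;                 // assumed value for the "x" days
const MFA_MAX_AGE_MS = 5 * 60 * 1000;  // assumed: 2FA must have been passed in the last 5 minutes
const DAY_MS = 24 * 60 * 60 * 1000;

// Constant-time comparison for the double-submit CSRF check; empty or missing tokens never match.
function safeEqual(a, b) {
  if (typeof a !== "string" || typeof b !== "string" || !a || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Step 1: validate the request, then disable the account. Nothing is deleted yet.
function requestDeletion(db, req, now) {
  if (req.method !== "POST") return { status: 405 };
  const session = db.sessions.get(req.sessionId);
  if (!session) return { status: 401 };
  if (!safeEqual(req.csrfCookie, req.csrfBody)) return { status: 403, error: "csrf" };
  const fresh = session.mfaVerifiedAt && now - session.mfaVerifiedAt <= MFA_MAX_AGE_MS;
  if (!fresh) return { status: 403, error: "mfa_required" };
  const user = db.users.get(session.userId);
  user.disabled = true;
  user.purgeAfter = now + GRACE_DAYS * DAY_MS;
  for (const [id, s] of db.sessions) if (s.userId === user.id) db.sessions.delete(id); // revoke all sessions
  return { status: 202, purgeAfter: user.purgeAfter };
}

// Step 2: scheduled job that hard-deletes the user and all related rows once the grace period is over.
function purgeExpired(db, now) {
  const purged = [];
  for (const [id, user] of db.users) {
    if (!user.disabled || now < user.purgeAfter) continue;
    for (const table of [db.accounts, db.userData])
      for (const [key, row] of table) if (row.userId === id) table.delete(key);
    db.users.delete(id);
    purged.push(id);
  }
  return purged;
}

// Constructed sample data: one user with a fresh 2FA session, plus a row owned by another user.
function sampleDb(now) {
  return {
    users: new Map([["u1", { id: "u1", disabled: false, purgeAfter: null }]]),
    sessions: new Map([["s1", { userId: "u1", mfaVerifiedAt: now - 60000 }]]),
    accounts: new Map([["a1", { userId: "u1", provider: "github" }]]),
    userData: new Map([["d1", { userId: "u1" }], ["d2", { userId: "u2" }]]),
  };
}
```

Clearing `disabled` and `purgeAfter` before the purge job runs is what makes the grace period reversible; that path is left out here.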