Delete User Account with Native Authentication

Deleting a User’s Account

There may come a time when a user would like to delete their account. While you cannot do this from the device, you can do it server side. This will guide you through the steps to do that.

Get the Access Token to your Server

We’ll assume that you have a signed-in user and upon successful account deletion your server returns a JSON response that looks like: {"stat": "ok"}.

  1. From your mobile application, send the user’s access token to your server. In the examples below, we’ll assume that your web application has a delete-user endpoint that takes an access_token parameter. We will be making a request to this endpoint.
  2. When you get a response back, check whether or not the status is “ok”. If it is “ok”, then sign the user our of the SDK and delete all references to it.

iOS

Your code in iOS might look something like this:

    NSString *url = [NSString stringWithFormat:@"https://your.server/delete-user?access_token=%@",
                                               [JRCapture getAccessToken]];
    NSMutableURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:url]];

    void (^handler)(NSURLResponse*, NSData*, NSError*) =
            ^(NSURLResponse* response, NSData* data, NSError* connectionError) {
                if (connectionError) {
                    // Do error handling
                } else {
                    NSError *error = nil;
                    NSDictionary *dict = [NSJSONSerialization JSONObjectWithData:data options:0 error:&error];
                    if (error) {
                        // handle error
                    } else if ([@"ok" isEqualToString:[dict objectForKey:@"stat"]]) {
                        // Sign the user out from the device
                        // If you've stored the user to disk, delete it here.
                        appDelegate.captureUser = nil;
                        [JRCapture clearSignInState];
                    } else {
                        // handle bad status
                    }
                }
            };

    [NSURLConnection sendAsynchronousRequest:request queue:[NSOperationQueue mainQueue] completionHandler:handler];

Android

Your code for Android might look something like this:

    private class DeleteUserTask extends AsyncTask<URL, Integer, JSONObject> {
        @Override
        protected JSONObject doInBackground(URL... urls) {
            URL url = urls[0];
            JSONObject result = null;
            HttpURLConnection urlConnection = null;
            try {
                urlConnection = (HttpURLConnection) url.openConnection();
                InputStreamReader streamReader = new InputStreamReader(urlConnection.getInputStream());
                BufferedReader bufferedReader = new BufferedReader(streamReader);
                StringBuilder builder = new StringBuilder();
                String line;
                while ((line = bufferedReader.readLine()) != null) {
                    builder.append(line + "\n");
                }
                bufferedReader.close();
                String jsonString = builder.toString();
                result = new JSONObject(jsonString);
            } catch (IOException e) {
                e.printStackTrace();
            } catch (JSONException e) {
                e.printStackTrace();
            } finally {
                urlConnection.disconnect();
            }

            return result;
        }

        @Override
        protected void onPostExecute(JSONObject result) {
            if (result != null && "ok".equals(result.optString("stat"))) {
                // remove any references that you may have to the signed in user
                Jump.signOutCaptureUser(MainActivity.this);
            } else {
                // handle bad response
            }
        }
    }

    private void deleteUser() {
        if (Jump.getSignedInUser() != null) {
            try {
                URL url = new URL("https://your.server/delete-user?access_token=" + Jump.getAccessToken());
                new DeleteUserTask().execute(url);
            } catch (MalformedURLException e) {
                e.printStackTrace();
            }
        }
    }

On the Server

  1. Use the entity endpoint with the access token to get the user’s UUID
  2. Using a client id and secret for a user with sufficient privileges and the UUID from 1, delete the user with entity.delete
  3. Respond to the client with a success response.

Here is a simple Python Flask application that shows how to delete a user:

from flask import Flask, request, jsonify
import requests

app = Flask(__name__);

@app.route("/delete-user")
def delete_user():
    access_token = request.args.get("access_token")

    if not access_token:
        return jsonify(stat="error",
                       reason="Missing required parameter 'access_token'")

    uuid_response = get_uuid_response(access_token)
    if uuid_response["stat"] != "ok":
        return jsonify(uuid_response)

    uuid = uuid_response["result"]

    delete_response = get_delete_user_response(uuid)
    if delete_response["stat"] != "ok":
        return jsonify(delete_response)

    return jsonify(stat="ok")

def get_uuid_response(access_token):
    payload = {
            "access_token": access_token,
            "type_name": app.config["USER_ENTITY_TYPE"],
            "attribute_name": "uuid"
    }
    url = app.config["DOMAIN"] + "/entity"
    r = requests.post(url, data=payload)
    return r.json()

def get_delete_user_response(uuid):
    payload = {
            "client_id": app.config["CLIENT_ID"],
            "client_secret": app.config["CLIENT_SECRET"],
            "type_name": app.config["USER_ENTITY_TYPE"],
            "uuid": uuid
    };
    url = app.config["DOMAIN"] + "/entity.delete"
    r = requests.post(url, data=payload)
    return r.json()

if __name__ == "__main__":
    app.config.from_pyfile('config.cfg')
    app.run()