For Power-Up privacy compliance, will tokenRevoked event still be returned if user re-authorizes Power_up?

Trello
1

Typical use case:

  • User adds my Power-Up
  • User uninstalls my Power-Up and revokes API access
  • Within a week, my server checks …/compliance/memberPrivacy/ API and sees “tokenRevoked” event for the user.
  • My app scrubs the user’s data from my system

Is the following something that could occur?

  • User adds my Power-Up
  • User uninstalls my Power-Up and revokes API access
  • User changes their mind and adds Power-Up again
  • Within a week, my server checks …/compliance/memberPrivacy/ API and sees “tokenRevoked” event for the user (<-- Would this still happen? This would cause me to effectively delete an active user in my system)
2

The example you provided is possible, tokenRevoked events are not removed if a user re-authorizes. There may be ways around deleting an active user such as comparing the dates where the tokenRevoked event occurred with the date the token was granted to the user.