The user should be prompted for their password as confirmation (i.e. a browser in the normal attached-and-synchronizing state should not be able to erase the account information: it must acquire a new authToken first).
The device obtains an authToken as described above, then spends it on a HAWK-protected request to the /account/delete destroy endpoint. This request contains no body and returns only a success code.
[[File:PICL-IdPAuth-deleteAccount.png|Deleting the Account]]
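The following sketch is an added example, not code from this page or from the project. It shows a bodyless HAWK-signed delete request and a server-side check that accepts a token only once. The Hawk id and key are assumed to be derived from the authToken by a step not shown here; the POST method, host name, port and the DeleteEndpoint class are hypothetical.

```python
import base64, hashlib, hmac, os, time

def hawk_mac(key, ts, nonce, method, path, host, port):
    # Hawk 1.x normalized string. The payload-hash and ext fields stay empty
    # because the delete request has no body.
    normalized = "\n".join(["hawk.1.header", str(ts), nonce, method.upper(),
                            path, host.lower(), str(port), "", ""]) + "\n"
    digest = hmac.new(key, normalized.encode(), hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def hawk_header(token_id, key, method, path, host, port, ts=None, nonce=None):
    ts = int(time.time()) if ts is None else ts
    nonce = nonce or base64.urlsafe_b64encode(os.urandom(6)).decode()
    mac = hawk_mac(key, ts, nonce, method, path, host, port)
    return f'Hawk id="{token_id}", ts="{ts}", nonce="{nonce}", mac="{mac}"'

class DeleteEndpoint:
    """Hypothetical server side: each token is usable once."""
    def __init__(self, tokens, skew=60):
        self.tokens = dict(tokens)      # token id -> HMAC key (assumed mapping)
        self.skew = skew                # allowed clock skew in seconds
        self.account_exists = True

    def handle(self, header, method, path, host, port, now=None):
        now = int(time.time()) if now is None else now
        if not header.startswith("Hawk "):
            return 401
        try:
            f = {k.strip(): v.strip().strip('"') for k, v in
                 (p.split("=", 1) for p in header[5:].split(","))}
            key, ts = self.tokens[f["id"]], int(f["ts"])
            want = hawk_mac(key, ts, f["nonce"], method, path, host, port)
            ok = hmac.compare_digest(want.encode(), f["mac"].encode())
        except (KeyError, ValueError):
            return 401                  # unknown/spent token or malformed header
        if not ok or abs(now - ts) > self.skew:
            return 401                  # wrong key or stale timestamp
        del self.tokens[f["id"]]        # the authToken is spent
        self.account_exists = False
        return 200                      # success code only, no response body

if __name__ == "__main__":
    key = os.urandom(32)                # constructed sample key
    server = DeleteEndpoint({"sample-token-id": key})
    args = ("POST", "/account/delete", "idp.example.test", 443)
    hdr = hawk_header("sample-token-id", key, *args)
    print(server.handle(hdr, *args), server.handle(hdr, *args))  # 200 then 401
```

Because the token is removed on first use, a captured Authorization header cannot be replayed, and a device holding only its normal session credentials has nothing the endpoint will accept.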