Tags: java, oauth, oauth-2.0, openid-connect, spring-oauth2

OAuth 2.0/OpenID Connect: Get notification when user deleted from Identity provider


Do OAuth2 and/or OpenID Connect have a feature to notify the client (e.g. my app) about user deletions? If so, is it part of the standard, or do just some providers have it and some don’t?

Let’s have an example:

  1. User registers in my app with his GitHub account (or any OAuth2 identity provider).
  2. Starts working, makes changes and saves stuff.
  3. Decides to delete his account from GitHub.

Does OAuth2 have a mechanism for this scenario to somehow let my application know that ‘hey, this user deleted himself, clean up after him’?

Another example could be this site. I registered with my GitHub account. How would StackOverflow know it needs to delete my comments once my GitHub account is long gone?

Thank you in advance!


Solution

  • No. There's no standard mechanism in the "OAuth canon" (collection of OAuth specs including OpenID Connect) to address this yet. The closest is the Security Events (secevents). The push-based delivery of a Security Event Token (SET) is still a draft. The RISC working group at the OpenID Foundation is working to define SETs for token issued, token revoked, account disabled, account purged, etc. events.

    So, the answer to your question, currently, is no, but in time will be yes.
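
As an added illustration (not part of the original answer, and not any provider's code), this is roughly what a client-side receiver for the Security Event Tokens mentioned above has to do: authenticate the token, confirm it is a SET, and act on account-purged or account-disabled events. It assumes the RFC 8417 `events` claim, RISC event-type URIs, an `iss_sub` subject identifier, and constructed values for the HS256 key and the `idp.example` / `app.example` names; a real provider's subject format and signing keys may differ.

```python
import base64, hashlib, hmac, json

RISC = "https://schemas.openid.net/secevent/risc/event-type/"
# Constructed demo values (assumptions). Real transmitters normally sign with
# asymmetric keys published via JWKS; HS256 keeps this example stdlib-only.
DEMO_KEY = b"constructed-demo-key"
ISS, AUD = "https://idp.example", "https://app.example"

def _b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def make_demo_set(event, sub, jti, key=DEMO_KEY):
    """Build a constructed SET standing in for what a provider would push."""
    header = {"alg": "HS256", "typ": "secevent+jwt"}
    subject = {"format": "iss_sub", "iss": ISS, "sub": sub}
    claims = {"iss": ISS, "aud": AUD, "iat": 1700000000, "jti": jti,
              "events": {RISC + event: {"subject": subject}}}
    body = ".".join(_b64e(json.dumps(x).encode()) for x in (header, claims))
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64e(sig)

def handle_set(token, users, seen_jti):
    """Validate a pushed SET, then apply its events to the local user store."""
    h, p, s = token.split(".")
    header = json.loads(_b64d(h))
    # Pin alg and require the SET typ so other JWTs are not accepted as events.
    if header.get("alg") != "HS256" or header.get("typ") != "secevent+jwt":
        raise ValueError("not a SET")
    expected = hmac.new(DEMO_KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64d(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(p))
    if claims.get("iss") != ISS or claims.get("aud") != AUD:
        raise ValueError("wrong issuer or audience")
    if claims["jti"] in seen_jti:          # duplicate delivery: already applied
        return []
    seen_jti.add(claims["jti"])
    actions = []
    for uri, payload in claims.get("events", {}).items():
        user = (payload["subject"]["iss"], payload["subject"]["sub"])
        if uri == RISC + "account-purged" and users.pop(user, None) is not None:
            actions.append(("deleted", user))
        elif uri == RISC + "account-disabled" and user in users:
            users[user]["active"] = False
            actions.append(("disabled", user))
    return actions
```

Local accounts are keyed by the (issuer, subject) pair from the original login rather than by e-mail address, so an event from one provider can only affect accounts that provider created.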