Until we do, you can mark the userId as deleted in your db, revoke all their sessions, and override the sign in API to prevent them from logging in if they are deleted.