Okta sign out vs app sign out

When you use OAuth2 with Okta to sign in users in your client app, you have two different sessions: the Okta session and the client app session.

If you want to sign your user out, you need to close both sessions.

Closing the Okta session

You can close the Okta session by calling the logout endpoint.

If you use an SDK, there is probably a specific call for that.

oktaOidc.signOutOfOkta(authStateManager, from: self) { error in
    if let error = error {
        // Error
        return
    }
}

Closing the client app session

The client app session is closed by clearing tokens locally and revoking them, using the revoke endpoint.

Again, if you are using an SDK, there is a specific call for that.

authStateManager.revoke(authStateManager.refreshToken) { response, error in
    if let error = error {
        // An error occurred
        return
    }
    // Token was revoked
}
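
What the two calls above amount to when you talk to the endpoints directly, as an added example that is not from the original page or from the Okta SDK. It assumes a public client and a custom authorization server whose issuer looks like the placeholder `https://example.okta.com/oauth2/default`; the names `OktaEndpoints` and `revoke` are hypothetical.

```swift
import Foundation

// Hypothetical helper; issuer and clientID are placeholders you supply.
struct OktaEndpoints {
    let issuer: URL      // assumed custom authorization server, e.g. https://example.okta.com/oauth2/default
    let clientID: String

    // Okta session: this URL has to be opened in the browser that holds the
    // Okta session cookie, which is why the SDK call takes a view controller.
    func logoutURL(idToken: String, postLogoutRedirect: URL) -> URL? {
        var components = URLComponents(url: issuer.appendingPathComponent("v1/logout"),
                                       resolvingAgainstBaseURL: false)
        components?.queryItems = [
            URLQueryItem(name: "id_token_hint", value: idToken),
            URLQueryItem(name: "post_logout_redirect_uri", value: postLogoutRedirect.absoluteString),
        ]
        return components?.url
    }

    // App session: one form-encoded POST to the revoke endpoint per token.
    func revokeRequest(token: String, hint: String) -> URLRequest {
        var request = URLRequest(url: issuer.appendingPathComponent("v1/revoke"))
        request.httpMethod = "POST"
        request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
        var form = URLComponents()
        form.queryItems = [
            URLQueryItem(name: "token", value: token),
            URLQueryItem(name: "token_type_hint", value: hint),
            URLQueryItem(name: "client_id", value: clientID),
        ]
        // URLComponents leaves "+" unescaped, which a form decoder reads as a space.
        let body = form.percentEncodedQuery?.replacingOccurrences(of: "+", with: "%2B")
        request.httpBody = body?.data(using: .utf8)
        return request
    }
}

// Sends one revoke request and reports whether the server answered 200.
func revoke(_ endpoints: OktaEndpoints, token: String, hint: String,
            completion: @escaping (Bool) -> Void) {
    let request = endpoints.revokeRequest(token: token, hint: hint)
    URLSession.shared.dataTask(with: request) { _, response, error in
        let status = (response as? HTTPURLResponse)?.statusCode
        completion(error == nil && status == 200)
    }.resume()
}
```

Call `revoke` once with the hint `refresh_token` and once with `access_token`, then delete the locally stored tokens.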