Michele Volpato

Okta sign out vs app sign out

Tips

When you use OAuth2 with Okta to sign in users in your client app, you have two different sessions:

  • the Okta session, and
  • the client app session.

If you want to sign your user out, you need to close both sessions.

Closing the Okta session

You can close the Okta session by calling the logout endpoint.

If you use an SDK, there is probably a specific call for that.

oktaOidc.signOutOfOkta(authStateManager, from: self) { error in
    if let error = error {
        // Sign-out failed; the Okta session may still be open
        return
    }
    // The Okta session was closed
}

Closing the client app session

The client app session is closed by revoking the tokens, using the revoke endpoint, and clearing them locally.

Again, if you are using an SDK, there is a specific call for that.

authStateManager.revoke(authStateManager.refreshToken) { response, error in
    if let error = error {
        // An error occurred; the token may still be valid
        return
    }
    // Token was revoked
}
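
The two SDK calls above wrap two HTTP requests, one to the logout endpoint and one to the revoke endpoint. As an added example (not from the original post and not the Okta SDK's own code), this builds both requests with Foundation. The `OktaConfig` type, the function names, the sample values, and the assumption that the app uses a custom authorization server at `/oauth2/default` are illustrative.

```swift
import Foundation

// Hypothetical container for app settings; all values are supplied by the caller.
struct OktaConfig {
    let authServer: URL            // assumed form: https://<your-org>/oauth2/default
    let clientId: String
    let postLogoutRedirect: URL
}

// Client app session: POST {authServer}/v1/revoke invalidates one token server-side.
// hint is "refresh_token" or "access_token".
func makeRevokeRequest(_ config: OktaConfig, token: String, hint: String) -> URLRequest {
    var form = URLComponents()
    form.queryItems = [
        URLQueryItem(name: "token", value: token),
        URLQueryItem(name: "token_type_hint", value: hint),
        URLQueryItem(name: "client_id", value: config.clientId),
    ]
    // URLComponents leaves "+" unescaped, but in a form body "+" means a space.
    let body = (form.percentEncodedQuery ?? "").replacingOccurrences(of: "+", with: "%2B")
    var request = URLRequest(url: config.authServer.appendingPathComponent("v1/revoke"))
    request.httpMethod = "POST"
    request.setValue("application/x-www-form-urlencoded", forHTTPHeaderField: "Content-Type")
    request.httpBody = Data(body.utf8)
    return request
}

// Okta session: GET {authServer}/v1/logout, loaded in the same browser context that
// holds the Okta session cookie. The ID token is needed here, so build this URL
// before wiping local token storage.
func makeLogoutURL(_ config: OktaConfig, idToken: String, state: String) -> URL? {
    var parts = URLComponents(url: config.authServer.appendingPathComponent("v1/logout"),
                              resolvingAgainstBaseURL: false)
    parts?.queryItems = [
        URLQueryItem(name: "id_token_hint", value: idToken),
        URLQueryItem(name: "post_logout_redirect_uri", value: config.postLogoutRedirect.absoluteString),
        URLQueryItem(name: "state", value: state),
    ]
    return parts?.url
}

// Constructed sample values, not real credentials.
let config = OktaConfig(authServer: URL(string: "https://example.okta.com/oauth2/default")!,
                        clientId: "0oaEXAMPLEclientid",
                        postLogoutRedirect: URL(string: "com.example.app:/logout")!)
let revoke = makeRevokeRequest(config, token: "constructed-refresh-token", hint: "refresh_token")
print(revoke.url!, String(data: revoke.httpBody!, encoding: .utf8)!)
print(makeLogoutURL(config, idToken: "constructed.id.token", state: UUID().uuidString)!)
```

Revoking the refresh token does not end the Okta session, and calling the logout endpoint does not revoke tokens the app already holds, which is why both requests are needed.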
