Michele Volpato

Okta sign out vs app sign out


When you use OAuth2 with Okta to sign in users in your client app, you have two different sessions:

  • the Okta session, and
  • the client app session.

If you want to sign your user out, you need to close both sessions.

Closing the Okta session

You can close the Okta session by calling the logout endpoint.

If you use an SDK, there is probably a specific call for that.

oktaOidc.signOutOfOkta(authStateManager, from: self) { error in
    if let error = error {
        // Error: the Okta session may still be open
        return
    }
    // The Okta session was closed
}

Closing the client app session

The client app session is closed by clearing tokens locally and revoking them, using the revoke endpoint.

Again, if you are using an SDK, there is a specific call for that.

authStateManager.revoke(authStateManager.refreshToken) { response, error in
    if let error = error {
        // An error occurred
        return
    }
    // Token was revoked
}
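
The two steps above combined into one sign-out routine, as an added example that is not code from the original post or from the SDK. `signOutEverywhere` and `revokeAll` are hypothetical helper names, and `clear()` is the SDK's state manager call for removing locally stored tokens, which the post mentions only as "clearing tokens locally".

```swift
import UIKit
import OktaOidc

// Added example. `signOutEverywhere` and `revokeAll` are hypothetical names;
// the SDK calls used are signOutOfOkta, revoke and clear.

/// Revokes each non-nil token in turn and collects any errors.
func revokeAll(_ tokens: [String?], with manager: OktaOidcStateManager,
               errors: [Error] = [], done: @escaping ([Error]) -> Void) {
    guard let next = tokens.first else { return done(errors) }
    let rest = Array(tokens.dropFirst())
    guard let token = next else {   // e.g. no refresh token was issued
        return revokeAll(rest, with: manager, errors: errors, done: done)
    }
    manager.revoke(token) { _, error in
        revokeAll(rest, with: manager,
                  errors: error.map { errors + [$0] } ?? errors, done: done)
    }
}

/// Closes the client app session and the Okta session.
func signOutEverywhere(oktaOidc: OktaOidc,
                       authStateManager: OktaOidcStateManager,
                       from presenter: UIViewController,
                       completion: @escaping (_ revokeErrors: [Error],
                                              _ oktaError: Error?) -> Void) {
    // 1. Client app session: revoke at the revoke endpoint while the token
    //    values can still be read from the state manager.
    let tokens = [authStateManager.refreshToken, authStateManager.accessToken]
    revokeAll(tokens, with: authStateManager) { revokeErrors in
        // 2. Okta session: this call presents UI from the view controller,
        //    so make it on the main thread. It is handed the state manager,
        //    so the stored tokens are kept until it has finished.
        DispatchQueue.main.async {
            oktaOidc.signOutOfOkta(authStateManager, from: presenter) { oktaError in
                // 3. Remove the local copies last, and do so even when an
                //    earlier step failed, so no token stays on the device.
                authStateManager.clear()
                completion(revokeErrors, oktaError)
            }
        }
    }
}
```

A non-empty `revokeErrors` or a non-nil `oktaError` means one of the two sessions may still be alive on the server side even though the device no longer holds the tokens.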
