Can't revoke accessToken


#1

Hi everyone,

I’m trying to figure out the revoke() method is working but after several attempts, it seems like my tokens aren’t revoked at all. The tokens variables still contain a String value.

BUT, if I call the clear() method, all of the tokens are set to nil.

Is there’s something I’m missing? Is it a bug?

Thanks for your help!


Platform: iOS 11.0 | Xcode 9.3.1 | Swift 4.1


#2

Hey @berty,

I’m assuming you’re using Okta’s iOS AppAuth Wrapper Library.

The OktaAuth.revoke() method takes an accessToken or refreshToken and passes it to Okta’s /revoke endpoint. Any following introspection or userinfo request will return an unauthorized status, as the User no longer has a valid token.

We made the decision to not clear the token from storage once it is revoked, as a more meaningful error message is visible to the developer and/or end user. Could this be why it appears to not be working?

In practice, it is good to revoke the accessToken and refreshToken before terminating the User’s session. So you’re certainly taking the correct steps!