On sign-out we are revoking the token and deleting the credential from the keychain. But when I try to log in again, the web authentication does not ask for a password. I want the user to enter the password every time he logs in to Okta again.
I tried the code below:
    try? Keychain.deleteTokens()
    try? self.credential?.remove()
    self.credential = nil
    URLCache.shared.removeAllCachedResponses()
    if let cookies = HTTPCookieStorage.shared.cookies {
        for cookie in cookies {
            HTTPCookieStorage.shared.deleteCookie(cookie)
        }
    }
What type of application is this and are you currently clearing the user’s Okta/IdP session during logout, or do you only terminate their application session?
If this is an OpenID Connect integration, logout from the Identity Provider is typically completed using the /logout endpoint.
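Added example (not from the original posts and not Okta SDK code): one way to perform the Identity Provider logout mentioned above, using the OpenID Connect RP-initiated logout parameters and Apple's ASWebAuthenticationSession. The endpoint URL, callback scheme, and the names `makeLogoutURL` and `LogoutCoordinator` are assumptions; it also assumes sign-in ran in the system browser session, whose cookies the app's `HTTPCookieStorage.shared` does not hold.

```swift
import AuthenticationServices
import Foundation

// Builds an OpenID Connect RP-initiated logout URL. All inputs are supplied by
// the caller (assumptions): the endpoint is the IdP's end_session_endpoint from
// its discovery document, the ID token belongs to the session being ended.
func makeLogoutURL(endSessionEndpoint: URL, idToken: String,
                   postLogoutRedirect: URL, state: String) -> URL? {
    var components = URLComponents(url: endSessionEndpoint, resolvingAgainstBaseURL: false)
    components?.queryItems = [
        URLQueryItem(name: "id_token_hint", value: idToken),
        URLQueryItem(name: "post_logout_redirect_uri", value: postLogoutRedirect.absoluteString),
        URLQueryItem(name: "state", value: state)
    ]
    return components?.url
}

// Hypothetical helper that opens the logout URL where the IdP session cookie lives.
final class LogoutCoordinator: NSObject, ASWebAuthenticationPresentationContextProviding {
    private var session: ASWebAuthenticationSession?
    private let anchor: ASPresentationAnchor

    init(anchor: ASPresentationAnchor) { self.anchor = anchor }

    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor {
        anchor
    }

    func endBrowserSession(logoutURL: URL, callbackScheme: String, expectedState: String,
                           completion: @escaping (Bool) -> Void) {
        let session = ASWebAuthenticationSession(url: logoutURL,
                                                 callbackURLScheme: callbackScheme) { callback, error in
            guard error == nil, let callback = callback,
                  let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems
            else { completion(false); return }
            // Accept the redirect only if it echoes the state value that was sent.
            completion(items.first { $0.name == "state" }?.value == expectedState)
        }
        session.presentationContextProvider = self
        // Non-ephemeral so the request carries the existing IdP session cookie.
        // An ephemeral session at sign-in would keep no cookie between sessions.
        session.prefersEphemeralWebBrowserSession = false
        session.start()
        self.session = session // keep a strong reference until completion
    }
}
```

Run the local cleanup (token revocation, keychain removal) only after `completion(true)`, since the ID token is needed as `id_token_hint`.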
To prompt users for password input every time they re-login to Okta, adjust the authentication flow to refrain from storing credentials persistently. Clear tokens and credentials upon logout and ensure fresh authentication upon login. Modify the authentication logic to request user credentials explicitly each time they attempt to log in. These steps enhance security and align with Okta’s recommended practices for session management and authentication security.
I have cleared the token and credentials from the app (keychain). But it is not clearing in the browser at the SDK level. Will you please help me with where I need to make these changes?