In iOS, when using either the browser sign-in or the custom sign-in implementations, signout(), revokeAccessToken(), revokeIdToken(), clearTokens() do not actually sign the user out. If using the browser sign-in, after signing out and then trying to re-sign in the user is able to enter the app without re-entering their user/pass. The browser sign-in page pops up and then instantly disappears and we are signed in to the app.
When I try using the custom sign-in, if “User A” signs out and then “User B” tries to sign in with different valid credentials, it returns a -600 error -“Authorization Error: Unexpected response format while retrieving authorization code.” . If I go into Okta console, find “User A” and then clear all session data/tokens, the custom sign-in will now work for “User B”. Anyone else encountered these issues?
Android works correctly.