When to use revoke() and when signOut() Swift SDK

aurimasbavarskis · May 25, 2023, 11:13am

I am using Okta Swift SDK. It is not fully clear to me when (Credential) revoke() should be used and when (WebAuthentication) signOut() flow should be used.

From the SDK documentation:

Revoking a token causes it to become invalidated on the server

If the credentials are revoked on the server and cleared in the app, that’s as good as a user being signed out as far as I can tell. Why would I use a sign out flow in the app (additional UI flow) when revoking can do the same work without any additional actions from the user?

Could someone clarify this for me?

erik · May 25, 2023, 10:40pm

Hello,

Doing a logout would end your Okta Session, see OpenID Connect & OAuth 2.0 API | Okta Developer

In cases where a user logins with a device browser and a Ephemeral Session is not used, the Okta session cookie will persist in the browser. Calling logout will remove this session from the browser.

system · June 6, 2023, 7:05am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.