Okta sign out vs app sign out

There is a difference between signing out of Okta OAuth2 and signing out of your app.

When you use OAuth2 with Okta to sign in users in your client app, you have two different sessions:

  • the Okta session, and
  • the client app session.

If you want to sign your user out, you need to close both sessions.

Closing the Okta session

You can close the Okta session by calling the logout endpoint.

If you use an SDK, there is probably a specific call for that.

oktaOidc.signOutOfOkta(authStateManager, from: self) { error in
    if let error = error {
        // Error
        return
    }
}

Closing the client app session

The client app session is closed by clearing tokens locally and revoking them, using the revoke endpoint.

Again, if you are using an SDK, there is a specific call for that.

authStateManager.revoke(authStateManager.refreshToken) { response, error in
    if let error = error {
        // An error occurred
        return
    }
    // Token was revoked
}
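
The two steps above combined into one sign-out routine, as an added example that is not code from the original post or from the SDK. `signOutEverywhere` is a hypothetical helper name; `accessToken` and `clear()` are okta-oidc-ios state manager members that do not appear on this page. It revokes both tokens, ends the Okta session, and only then clears the locally stored tokens, collecting errors instead of stopping at the first one so a failed network call does not leave tokens on the device.

```swift
import UIKit
import OktaOidc

// Added example: `signOutEverywhere` is a hypothetical helper, not an SDK call.
func signOutEverywhere(oktaOidc: OktaOidc,
                       authStateManager: OktaOidcStateManager,
                       from presenter: UIViewController,
                       completion: @escaping ([Error]) -> Void) {
    var errors: [Error] = []

    // 1. Revoke the refresh token so it can no longer be used to obtain new tokens.
    authStateManager.revoke(authStateManager.refreshToken) { _, refreshError in
        if let refreshError = refreshError { errors.append(refreshError) }

        // 2. Revoke the access token explicitly as well.
        authStateManager.revoke(authStateManager.accessToken) { _, accessError in
            if let accessError = accessError { errors.append(accessError) }

            // 3. Close the Okta session. This presents a browser, so hop to the main queue.
            DispatchQueue.main.async {
                oktaOidc.signOutOfOkta(authStateManager, from: presenter) { signOutError in
                    if let signOutError = signOutError { errors.append(signOutError) }

                    // 4. Remove the locally cached tokens whatever happened above,
                    //    so the app session is closed even if a remote call failed.
                    authStateManager.clear()
                    completion(errors)
                }
            }
        }
    }
}
```

An empty array passed to `completion` means both sessions were closed; a non-empty one means the local tokens are gone but a revoke or logout call failed and may need a retry.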
