Hi,
We’re new to Auth0 and internal apps. We have several users that will be potentially logging in to a single iOS device. The device will then do some data processing. I have incorporated a login to our Auth0 domain, based on the sample code. It works - user is presented with the login, data processing can proceed.
I have seen the workaround for /logout redirect, but I am wanting to make sure I get the most secure (and successful) solution here.
Is there something better than /logout? Is there something else I need to put in place to clean up?
Thanks in advance!
Wondering, why do you consider the /logout call a workaround? It’s actually the recommended way. Or what’s your concern around it?
Relevant docs on this:
Besides the /logout call (to clear the session on Auth0 side), you should also clear the local application session and any tokens in memory that you received before.
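Added example, not part of the original thread and not Auth0's sample code: a sign-out routine for a shared iOS device that wipes in-memory and Keychain tokens, then loads the tenant's logout endpoint to clear the Auth0 session. It assumes login used `ASWebAuthenticationSession` (so the session cookie lives in that browser context), that the endpoint is `/v2/logout`, and that the domain, client ID, URL scheme and Keychain service name below are placeholders you replace.

```swift
import AuthenticationServices
import Foundation
import Security

// Assumed placeholders: substitute your own tenant and app values.
let auth0Domain = "YOUR_TENANT.auth0.com"
let clientId = "YOUR_CLIENT_ID"
let callbackScheme = "com.example.app"          // hypothetical custom URL scheme
let keychainService = "com.example.app.auth0"   // hypothetical Keychain service name

final class LogoutCoordinator: NSObject, ASWebAuthenticationPresentationContextProviding {
    private let anchor: ASPresentationAnchor
    private var webSession: ASWebAuthenticationSession?
    var accessToken: String?                    // token held in memory by the app

    init(anchor: ASPresentationAnchor) { self.anchor = anchor; super.init() }

    // https://<domain>/v2/logout?client_id=...&returnTo=...
    // The returnTo value must be listed in the application's Allowed Logout URLs.
    func logoutURL() -> URL? {
        var c = URLComponents(string: "https://\(auth0Domain)/v2/logout")
        c?.queryItems = [
            URLQueryItem(name: "client_id", value: clientId),
            URLQueryItem(name: "returnTo", value: "\(callbackScheme)://logout"),
        ]
        return c?.url
    }

    // Drops the in-memory token and deletes every item stored under keychainService.
    func clearLocalTokens() -> Bool {
        accessToken = nil
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: keychainService,
        ]
        let status = SecItemDelete(query as CFDictionary)
        return status == errSecSuccess || status == errSecItemNotFound
    }

    func logout(completion: @escaping (Bool) -> Void) {
        let localCleared = clearLocalTokens()   // local wipe first, even if the web call fails
        guard let url = logoutURL() else { return completion(false) }
        let session = ASWebAuthenticationSession(url: url, callbackURLScheme: callbackScheme) { callback, _ in
            completion(localCleared && callback != nil)   // nil callback: cancelled or failed
        }
        session.presentationContextProvider = self
        webSession = session                    // keep a strong reference until it completes
        session.start()
    }
    func presentationAnchor(for session: ASWebAuthenticationSession) -> ASPresentationAnchor { anchor }
}
```

If `completion` receives `false`, the Auth0 session may still be active on the device, so the next user could be signed in without a prompt; treat that as a failed sign-out rather than returning to the login screen.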
My thoughts are that the Session Manager code from the sample, which is called to handle logout, should handle the sign out completely. I have read those documents, read the code, and the persistent session is less than desirable for a multi-user device. I am inquiring on best practices to get ideas for a better user experience. If /logout is the best there is, that’s great.