I’ve implemented native iOS sign-in for a mobile app, following the documentation here: Add Sign In with Apple to Native iOS Apps
Under the “Logout” section, it mentions the steps needed for iOS native, logout as it isn’t leveraging the browser-based logout flow:
- Revoke the Auth0 Refresh Token
- Delete the Auth0 refresh token stored in the iCloud Keychain
- Delete the Apple user identifier stored in the iCloud keychain
For the first one, I’ve tried calling the /oauth/revoke endpoint linked, but it returns 401. I tried to find the setting to allow an auth method of none for the token endpoint, as suggested in the API docs, but this setting doesn’t appear to be available in the Application settings UI. My application is of type “Native”.
For the other two, I’ve been looking at the Auth0 Swift library but haven’t found a clear way to remove the refresh token and other data from the iCloud keychain.