Log Users Completely Out of Auth0 On Swift

BrandonGardner2 · August 28, 2019, 4:33pm

Hi everyone,

I am implementing a WebView application in Swift that needs to use Auth0-Swift for login which is passed to the web application.

The login works okay. Logging in successfully authenticates with Auth0 and also the web application. However, when a user logs out which triggers credentialsManager.clear, the login information seems to still be saved. So the next time the user taps log in, their information is automatically used and they are passed along to the application. We need this to force them to enter their credentials again instead.

It also appears that after logging out, when the user presses log in the first time, it doesn’t successfully redirect? Not sure, probably a dumb error on our part. Pressing login again successfully moves the user onward.

How can we forcibly remove the login credentials when the user actually presses logout so that the next time Auth0 swift tries to authenticate, they are required to type credentials in again?

dan.woda · August 28, 2019, 8:50pm

Hi @BrandonGardner2,

A couple of questions to clarify:

Are you using a quickstart?
Can you post the exact code you are using to log out?

Thanks,
Dan

BrandonGardner2 · August 28, 2019, 9:02pm

Hey Dan,

I believe it was done using quick start.

Here is logout code listening for a WebView message:

extension ViewController: WKScriptMessageHandler {
func userContentController(_ userContentController: WKUserContentController, didReceive message: WKScriptMessage) {
    if message.name == messageName {
        let _ = credentialsManager.clear()
        LandingViewController.makeRootViewController()
    }
}

and in another location through a settings menu

    @IBAction func onLogoutTapped(_ sender: UIButton) {
    self.credentialManager.clear()
    LandingViewController.makeRootViewController()
}

dan.woda · August 28, 2019, 9:24pm

Are you using SSO with multiple apps?

BrandonGardner2 · August 28, 2019, 9:32pm

I don’t know that we are for sure? We have universal login setup and a web auth login using auth0-js for a React app and then the auth0-swift for this webview application. Would you mind expanding a little? If it is something we would have needed to explicitly code, I doubt it.

If it helps, I can tell you that the credentials being saved persist even through deleting and reinstalling the application.

dan.woda · August 28, 2019, 10:11pm

It sounds like there is a session cookie persisting in the browser. Logout occurs on multiple layers, the application, the auth server (with a cookie), and with the IdP. Can you try this?

Topic		Replies	Views
Swift log-out function not working correctly Help ios , swift , xcode , auth0swift	2	4576	August 29, 2019
Automatically logs in despite clearing credentials for logut iOS (Swift) Help swift , auth0swift	6	5606	March 26, 2019
Auth0 iOS Logout Help	4	2474	August 28, 2020
Swift login alert shows up when you logout Help auth0	37	19928	January 13, 2021
How to Logout the user completely in iOS Device? Help logout , auth0 , ios , native	2	6378	February 9, 2019

Log Users Completely Out of Auth0 On Swift

Related Topics