Log Users Completely Out of Auth0 On Swift

BrandonGardner2 · August 28, 2019, 4:33pm

Hi everyone,

I am implementing a WebView application in Swift that needs to use Auth0-Swift for login which is passed to the web application.

The login works okay. Logging in successfully authenticates with Auth0 and also the web application. However, when a user logs out which triggers credentialsManager.clear, the login information seems to still be saved. So the next time the user taps log in, their information is automatically used and they are passed along to the application. We need this to force them to enter their credentials again instead.

It also appears that after logging out, when the user presses log in the first time, it doesn’t successfully redirect? Not sure, probably a dumb error on our part. Pressing login again successfully moves the user onward.

How can we forcibly remove the login credentials when the user actually presses logout so that the next time Auth0 swift tries to authenticate, they are required to type credentials in again?

dan.woda · August 28, 2019, 8:50pm

Hi @BrandonGardner2,

A couple of questions to clarify:

Are you using a quickstart?
Can you post the exact code you are using to log out?

Thanks,
Dan

BrandonGardner2 · August 28, 2019, 9:02pm

Hey Dan,

I believe it was done using quick start.

Here is logout code listening for a WebView message:

extension ViewController: WKScriptMessageHandler {
func userContentController(_ userContentController: WKUserContentController, didReceive message: WKScriptMessage) {
    if message.name == messageName {
        let _ = credentialsManager.clear()
        LandingViewController.makeRootViewController()
    }
}

and in another location through a settings menu

    @IBAction func onLogoutTapped(_ sender: UIButton) {
    self.credentialManager.clear()
    LandingViewController.makeRootViewController()
}

dan.woda · August 28, 2019, 9:24pm

Are you using SSO with multiple apps?

BrandonGardner2 · August 28, 2019, 9:32pm

I don’t know that we are for sure? We have universal login setup and a web auth login using auth0-js for a React app and then the auth0-swift for this webview application. Would you mind expanding a little? If it is something we would have needed to explicitly code, I doubt it.

If it helps, I can tell you that the credentials being saved persist even through deleting and reinstalling the application.

dan.woda · August 28, 2019, 10:11pm

It sounds like there is a session cookie persisting in the browser. Logout occurs on multiple layers, the application, the auth server (with a cookie), and with the IdP. Can you try this?

Topic		Replies	Views
Swift login alert shows up when you logout Help auth0	37	19886	January 13, 2021
Showing Login Alert popup, When logout from iOS Device ( Language :- Swift ) Help logout , auth0	6	3843	March 20, 2020
iOS logout shows login message prompt Help logout , react-native , ios	1	3598	April 19, 2023
Retain Login session in iOS Web view Help swift	2	3185	April 29, 2022
How the Auth0 iOS framework knows user is already authenticated for second time? Help sso , application	5	1091	May 11, 2023

Log Users Completely Out of Auth0 On Swift

Related Topics