Please provide the following:
- SDK Version: 35.0.0
- Platforms(Android/iOS/web/all): all
AppAuth is great. When a user is not signed in, they are prompted to sign in with AppAuth.authAsync(config). When the user signs out, we call
AppAuth.revokeAsync(config, {
token: accessToken,
isClientIdProvided: true,
})
and we delete the current token from our cache.
However, the user is not really signed out. The are sent to the welcome screen, where we call AppAuth.authAsync(config) once again. This fetches a new token and they are in the app. This is not what I would expect. I expect them to remain signed out, so that another user could signin.
It appears that this happens because the session is not destroyed. This should happen by calling ${issuer}/v1/logout, at least according to the Okta docs, which is the service we are using.
Any assistance or clarification would be appreciated.