logout

AppDelegate.reachfive().logout(webSessionLogout request: WebSessionLogoutRequest? = nil, revoke token: AuthToken? = nil) async throws

Description

Terminates the main SSO session, all provider sessions, and optionally revokes user tokens or initiates a web-based logout.

  • Provider Sessions: Logs out from all configured identity providers (e.g., Google, Facebook).

  • Web Session Logout: When a WebSessionLogoutRequest is provided via the webSessionLogout parameter, triggers a web-based logout by opening a web authentication session to the server’s logout endpoint (e.g., /logout).

  • Token Revocation: When an AuthToken is provided via the revoke parameter, revokes the specified token, invalidating the user’s session. This applies to both access and refresh tokens.

  • Main SSO Session: Terminates the core SSO session.

Both webSessionLogout and revoke are optional and default to nil. If neither is provided, the method logs out from provider sessions and the main SSO session but does not revoke specific tokens or clear browser cookies.

Native vs Web

For native app flows, use logout(revoke:) with an AuthToken to revoke tokens and end the session.

For web-based SSO flows, use logout(webSessionLogout:) to clear browser cookies and handle redirects.

For web-based logout, the app’s scheme must be configured in the ReachFive Console’s SSO settings as an Allowed logout callback URL. Failure to configure this will result in a “URI redirect not allowed” error.

Example: reachfive-<CLIENT_ID>://callback

Examples

// Basic logout (no parameters)
do {
    try await AppDelegate.reachfive().logout()
    // User is logged out from provider sessions and main SSO session
    // Tokens are not revoked, and browser cookies are not cleared
} catch {
    // Handle ReachFiveError
}

// Native logout with token revocation
do {
    let authToken = // Obtain AuthToken from storage or authentication
    try await AppDelegate.reachfive().logout(revoke: authToken)
    // User is logged out, tokens are revoked
} catch {
    // Handle ReachFiveError
}

// Web-based logout with redirect
do {
    let WebSessionLogoutRequest = WebSessionLogoutRequest(
        origin: "app_logout",
        presentationContextProvider: // Provide a context provider, e.g., a view controller
    )
    try await AppDelegate.reachfive().logout(webSessionLogout: WebSessionLogoutRequest)
    // Browser cookies are cleared, user is redirected
} catch {
    // Handle ReachFiveError
}

Parameters

webSessionLogout WebSessionLogoutRequest?

optional The web session logout request.

Defaults to nil.

If provided, triggers a web-based logout by opening a web authentication session to the server’s logout endpoint.

The URL must be defined in your ReachFive Console settings at Security  SSO  Allowed Callback URLs.

WebSessionLogoutRequest

Use WebSessionLogoutRequest to enable web-based SSO logout, which opens a browser window to the server’s logout endpoint.

This class is only needed for apps using web-based SSO.

Includes:

  • required presentationContextProvider: A delegate that provides a display context whereby the system is able to present an authentication session to the user.

  • optional origin: The origin of the call.

revoke AuthToken?

optional The authentication token to revoke, invalidating the user’s session. Use nil to skip token revocation.

Defaults to nil.

The logout method invalidates any tokens found here.

Response

Error: ReachFiveError

ReachFiveError

Based on the problem, the ReachFiveError will be:

  • AuthCanceled: The user cancelled the request or no credential was available in the keychain.

  • RequestError(apiError: ApiError) for a Bad Request (status 400) error.

  • AuthFailure(reason: String, apiError: ApiError?) mainly for Unauthorized (status 401) error.

  • TechnicalError(reason: String, apiError: ApiError?) if it’s an Internal Server Error (status 500) or other internal errors.

ApiError

error string

The main error message.

errorId string

The identifier of the error.

errorUserMsg string

The user-friendly error message.

This property is translated according to the user’s OS and app settings. Currently supported languages:
Currently supported languages

  • ar - العربية Arabic

  • de - Deutsch German

  • en - English

  • es - Español Spanish

  • fr - Français French

  • hu - Magyar Hungarian

  • it - Italiano Italian

  • jp - 日本 Japanese

  • ko - 한국인 Korean

  • nl - Nederlands Dutch

  • pt - Portuguese

  • ru - Ру́сский Russian

  • sk - Slovenský Slovak

  • zh-CN - People’s Republic of China Simplified Chinese

  • zh-Hans - Simplified Chinese

  • zh-Hant - Traditional Chinese

  • zh-HK - Hong Kong Traditional Chinese

  • zh-MO - Macao Traditional Chinese

  • zh-SG - Singapore Simplified Chinese

  • zh-TW - Taiwan Traditional Chinese

errorMessageKey string

The error message key.

errorDescription string

The technical error message.

errorDetails FieldError[]

field string

The field concerned by the error.

message string

The message error returned for the field.

code string

The code error returned for the field.