i have a question, i auth my user with AuthentificationServices but at disconnect, i don't know how to flush the session previously saved, if a user clic on reconnect right back, it will be connected with the previous account that made the disconnection
do you have an idea ?
ASWebAuthenticationSession doesn't maintain your session itself, but it does use session stored in Safari. See this section in the docs:
If the user has already logged into the web service in Safari or other apps using ASWebAuthenticationSession, it’s possible to share the existing login information. The system presents the user with a dialog asking for consent to share login information. If the user cancels the alert, the session is canceled, and the completion handler is called with the error code ASWebAuthenticationSessionError.Code.canceledLogin.
So if you're authenticating to an OAuth service/app and that service maintains a user's session in Safari then you might see it auto-authenticate you without having to re-enter a username/password. This is only an issue if you want to support multiple logins for a single device - more likely to be an issue during your testing than in normal use (in my experience).
iOS let's users opt-out of the auto-login using previous session each time it tries to authenticate them with the previous session, but I'm not sure of an easy way to flush their session on behalf of them every time you try to do an OAuth from your app.
Thank you for your kind and detailed answer,
Indeed, maybe my wish to fully disconnect after logout is related to my dev role and I would find this annoying as a user.
I’m still curious if there is a possibility or if it’s intended in the design of ASWebAuthenticationSession
You could try prefersEphemeralWebBrowserSession, a new feature in iOS 13, to at least block your web view from sharing session with Safari and be a bit more explicit about making your user login. I'm not sure it speaks to your specific issue, but might be worth exploring.
i have a question, i auth my user with AuthentificationServices but at disconnect, i don't know how to flush the session previously saved, if a user clic on reconnect right back, it will be connected with the previous account that made the disconnection
do you have an idea ?
ASWebAuthenticationSessiondoesn't maintain your session itself, but it does use session stored in Safari. See this section in the docs:So if you're authenticating to an OAuth service/app and that service maintains a user's session in Safari then you might see it auto-authenticate you without having to re-enter a username/password. This is only an issue if you want to support multiple logins for a single device - more likely to be an issue during your testing than in normal use (in my experience).
iOS let's users opt-out of the auto-login using previous session each time it tries to authenticate them with the previous session, but I'm not sure of an easy way to flush their session on behalf of them every time you try to do an OAuth from your app.
Hope that helps!
Thank you for your kind and detailed answer,
Indeed, maybe my wish to fully disconnect after logout is related to my dev role and I would find this annoying as a user.
I’m still curious if there is a possibility or if it’s intended in the design of ASWebAuthenticationSession
You could try prefersEphemeralWebBrowserSession, a new feature in iOS 13, to at least block your web view from sharing session with Safari and be a bit more explicit about making your user login. I'm not sure it speaks to your specific issue, but might be worth exploring.
Ran into the same issue, what we ended up doing, was instead launching a clear session url which auto redirects to the login each time.