Global Security Forum

 View Only
  • 1.  iOS Logout

    Posted Wed August 07, 2024 10:02 AM

    I'm using the  IBM SDK for development of an iOS app that uses IBM Verify as my Identity provider. The good news is that it works as advertised and I can authenticate easily with IBM Verify which in turn federates all of our various organizational AD identity "sources of truth" under one umbrella.  The only functionality remaining to add to the app is a LOGOUT facility. I've searched all the docs I can find and surprisingly, I haven't found a single example of how one should code to LOGOUT. The SDK docs don't have an example (or I've missed it.)  Surely this isn't that hard. I'm just a bit surprised in this day and age with the emphasis on not leaving apps "logged in" that I can't find more treatment of how to properly log out. It seems like there should be some method to call in the SDK but if there is, somehow I've missed it. Can anyone point me in the right direction?

     

    Don


    This electronic message is intended only for the use of the individual(s) and entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from any computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information it contains. Thank you.



  • 2.  RE: iOS Logout

    Posted Thu August 08, 2024 05:59 PM

    Don,

    when I get you right you use the Verify SDK login in with PUSH notification to the App?  
    Isn't it an OAuth or OIDC Token handled by the App which controls the Session? We are using REST calls logging out also logging in because of custom Auth Policies. So I'm not sure how the SDK shall handle under the table other as using REST and OAuth. 
    Jens



    ------------------------------
    Jens Petersen
    ------------------------------



  • 3.  RE: iOS Logout

    Posted 30 days ago

    Hi Don,

    replying to the group as others may find this topic interesting as well.

    I understand your approach and guess there is no such a function at the API. I actually used it so far for developing an equivalent to what is implemented with the IBM Verify App. You don't need the session handling with that kind of App as it implements an Authenticator App.

    Regarding your issue I'd recommend having a look to Phil and  this Documentation



    ------------------------------
    Jens Petersen
    ------------------------------



  • 4.  RE: iOS Logout

    Posted 30 days ago

    Thanks Jen,

     

    I kind of wondered about just revoking the token but I wanted to ensure that was the recommended approach in the case of IBM Verify.  Thanks also for that additional pointer to the specific docs. That is MOST helpful. Somehow all my searches didn't find that particular page. I think that will likely do the job and I'm going to add it as a method in the SigninViewModel class that comes as part of the SDK. For symmetry I'll probably call it "performSignoff" to match the logical naming of the performSignin"  method. I'll post back here with my results in case others tread the same path.

     

    -dB


    This electronic message is intended only for the use of the individual(s) and entity named as recipients in the message. If you are not an intended recipient of this message, please notify the sender immediately and delete the material from any computer. Do not deliver, distribute or copy this message, and do not disclose its contents or take any action in reliance on the information it contains. Thank you.