I am running a service available on both an app and a web platform with "Sign In with Apple."
-
Should I store the tokens separately, or should I overwrite them in a single storage location?
-
When a user requests to sign out, should I revoke both the app and web tokens, or will revoking the app token automatically cover the web token as well?