ASWebAuthenticationSession logout & code expiration?

I'm using ASWebAuthenticationSession using Authorization Code Flow. In this flow I get a code token back from ASWebAuthenticationSession that I exchange for access and refresh tokens from my server. I store those in KeyChain. This works fine, but the problem is when I want to log out and log in with a different account.


Logging out is two steps:

1. Throw away my keychain tokens

2. Call ASWebAuthenticationSession to logout from the servers.


The second step has a strange user experience though, as it will ask concent for logging _in_! If I skip this step, and try logging in again using ASWebAuthenticationSession, it will not show the web view unless enough time has passed since the previous login.


So, I was thinking that most users don't login and logout often so I could check if enough time passed since the login and then skip step 2. Not good, but still an improvement.


Does anyone know how long that timeout is? I tested and it seems it may be one hour. Perhaps it's some kind of cookie lifetime or something that the server controls.


Or is there a better solution?

Replies

Kimota,


Having the same issues / questions here. How did you solve that out ?

Thanks for sharing


Jeff