Skip to content

fix(auth): remove session when it has been revoked #802

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Sep 25, 2025
Merged

fix(auth): remove session when it has been revoked #802

merged 5 commits into from
Sep 25, 2025

Conversation

grdsdev
Copy link
Contributor

@grdsdev grdsdev commented Sep 24, 2025
edited
Loading

What kind of change does this PR introduce?

Bug fix

What is the current behavior?

Considering the scenario where a user is logged on both web and mobile using the Swift SDK, when the user signs out from the web using global scope, all sessions are removed from the auth service, including the session from the mobile app.

Any authenticated call made by the Swift SDK after that will throw an error and get it stuck in a state where it says it is signed in, but the session isn't accepted by the server.

What is the new behavior?

Once the SDK gets a session_not_found or refresh_token_not_found error returned by the auth service, the SDK removes the session from storage and triggers a SIGNED_OUT event, cleaning up state.

Additional context

Add any other context or screenshots.

@grdsdev grdsdev mentioned this pull request Sep 24, 2025
Closed
@grdsdev grdsdev marked this pull request as ready for review September 24, 2025 16:41
@grdsdev grdsdev requested a review from a team September 24, 2025 16:43
@grdsdev grdsdev requested review from cstockton and hf September 24, 2025 16:52
cstockton
cstockton approved these changes Sep 24, 2025
View reviewed changes
Copy link

@cstockton cstockton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not familiar with code base to approve implementation, but the rationale and expected behavior is sound.

@grdsdev grdsdev merged commit c6aa8ef into main Sep 25, 2025
22 checks passed
@grdsdev grdsdev deleted the fix/auth-remove-session-when-session-revoked branch September 25, 2025 08:18
@github-actions github-actions bot mentioned this pull request Sep 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cstockton cstockton cstockton approved these changes

@hf hf Awaiting requested review from hf

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@grdsdev @cstockton