iseletsky

Reputation: 653

How sign out works on iOS with SSO

When a user signs out of an ADAL account on iOS, they can sign back in without entering their password. As I understand it, this is for SSO.

Are there any reliable ways for a user to sign themselves out?

I was able to with some apps like Word when I used the Authenticator app. Then there are other apps that just have an in-app ADAL web UI and don't add accounts to Authenticator.

Upvotes: 1

Views: 485

Answers (1)

Daniele Cremonini

Reputation: 63

One of the reasons tokens are used is scalability. If you made a request to the Identity Provider for each request coming to your resource, you would pay a price:

  • network delay
  • computational overhead of the Identity Provider

Tokens are conceived to be self-contained, to avoid this round-trip and to distribute the computational overhead. To achieve this, tokens must be without state. Tokens are valid until they expire and deleting a token doesn't mean revoking its validity.

You might manage somehow the mechanism to revoke tokens, but this would give up the statefulness and would re-introduce the need for a communication mechanism such as a distributed cache or a database, and the problems that this would entail:

  • network traffic
  • overhead for each single request
  • memory/disk contention

The lack of logout with tokens is one of the drawbacks we have to accept to make systems more scalable.

Upvotes: 1
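As an added illustration of the answer's point (example code, not from the question, the answer, or ADAL): a self-contained token check, beside the stateful revocation list the answer argues against. The signing key, claims and token id are constructed for the example.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-signing-key"  # constructed for the example only

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(body: str) -> str:
    return _b64(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())

def issue_token(sub: str, jti: str, lifetime_s: int, now: int) -> str:
    # Claims travel inside the token, so the resource server needs no lookup.
    claims = {"sub": sub, "jti": jti, "exp": now + lifetime_s}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return f"{body}.{_sign(body)}"

def verify_stateless(token: str, now: int):
    # Signature and expiry only: no round-trip to the IdP, no shared state.
    body, sig = token.split(".")
    if not hmac.compare_digest(sig, _sign(body)):
        return None
    claims = json.loads(_unb64(body))
    return None if claims["exp"] <= now else claims

class RevocationList:
    # Stateful alternative: a shared denylist every resource server must consult.
    def __init__(self):
        self.revoked = {}  # jti -> exp, so entries can be dropped once expired

    def revoke(self, token: str) -> None:
        claims = json.loads(_unb64(token.split(".")[0]))
        self.revoked[claims["jti"]] = claims["exp"]

    def verify(self, token: str, now: int):
        self.revoked = {j: e for j, e in self.revoked.items() if e > now}
        claims = verify_stateless(token, now)
        return None if claims is None or claims["jti"] in self.revoked else claims

def demo(now: int = 1_700_000_000) -> dict:
    # The app deleting its own copy ("sign out") changes nothing below.
    token = issue_token("user@example.com", "constructed-jti-1", 3600, now)
    denylist = RevocationList()
    denylist.revoke(token)
    return {"stateless_after_signout": verify_stateless(token, now + 60) is not None,
            "stateful_after_revoke": denylist.verify(token, now + 60) is not None,
            "stateless_after_expiry": verify_stateless(token, now + 3601) is not None}
```

The stateless verifier keeps accepting the token until `exp`; only the denylist, which every resource server must reach, rejects it earlier.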
