Enable sign-out

Amplify Android v1 is deprecated as of June 1st, 2024. No new features or bug fixes will be added. Dependencies may become outdated and potentially introduce compatibility issues.

Please use the latest version (v2) of Amplify Library for Android to get started. Refer to the upgrade guide for instructions on upgrading your application to the latest version.

Amplify libraries should be used for all new cloud connected applications. If you are currently using the AWS Mobile SDK for Android, you can access the documentation here.

Invoke the signOut api to sign out a user from the Auth category. You can only have one user signed in at a given time.

Amplify.Auth.signOut(
    () -> Log.i("AuthQuickstart", "Signed out successfully"),
    error -> Log.e("AuthQuickstart", error.toString())

Amplify.Auth.signOut(
    { Log.i("AuthQuickstart", "Signed out successfully") },
    { Log.e("AuthQuickstart", "Sign out failed", it) }

    Amplify.Auth.signOut()
    Log.i("AuthQuickstart", "Signed out successfully")
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Sign out failed", error)

RxAmplify.Auth.signOut()
    .subscribe(
        () -> Log.i("AuthQuickstart", "Signed out successfully"),
        error -> Log.e("AuthQuickstart", error.toString())

Calling signOut without any options will just delete the local cache and keychain of the user. If you would like to sign out of all devices, invoke the signOut api with advanced options.

Amazon Cognito now supports token revocation and the latest Amplify version will revoke Amazon Cognito tokens if the application is online. This means that the Cognito refresh token cannot be used anymore to generate new Access and Id Tokens.

Access and Id Tokens are short-lived (60 minutes by default but can be set from 5 minutes to 1 day). After revocation, these tokens cannot be used with Cognito User Pools anymore. However, they are still valid when used with other services like AppSync or API Gateway.

For limiting subsequent calls to these other services after invalidating tokens, we recommend lowering token expiration time for your app client in the Cognito User Pools console. If you are using the Amplify CLI this can be accessed by running amplify console auth.

Token revocation is enabled automatically on new Amazon Cognito user pools, however existing User Pools must enable this feature, using the Cognito Console or AWS CLI.

Amplify.Auth.signOut(
    AuthSignOutOptions.builder().globalSignOut(true).build(),
    () -> Log.i("AuthQuickstart", "Signed out globally"),
    error -> Log.e("AuthQuickstart", error.toString())

val options = AuthSignOutOptions.builder()
    .globalSignOut(true)
    .build()
Amplify.Auth.signOut(options,
    { Log.i("AuthQuickstart", "Signed out globally") },
    { Log.e("AuthQuickstart", "Sign out failed", it) }

val options = AuthSignOutOptions.builder()
    .globalSignOut(true)
    .build()
    Amplify.Auth.signOut(options)
    Log.i("AuthQuickstart", "Signed out globally") 
} catch (error: AuthException) {
    Log.e("AuthQuickstart", "Sign out failed", error)

RxAmplify.Auth.signOut(AuthSignOutOptions.builder().globalSignOut(true).build())
    .subscribe(
        () -> Log.i("AuthQuickstart", "Signed out globally"),
        error -> Log.e("AuthQuickstart", error.toString())

Calling signout with globalSignOut = true will invalidate all the Cognito User Pool tokens of the signed in user. If the user is signed into a device, they won't be authorized to perform a task that requires a valid token when a global signout is called from some other device. They need to sign in again to get valid tokens.

Global signout functionality does not work if you use one of the web UI sign in methods.