Name:
interface
Value:
Amplify has re-imagined the way frontend developers build fullstack applications. Develop and deploy without the hassle.

Fullstack TypeScript

Write your app's data model, auth, storage, and functions in TypeScript; Amplify will do the rest.

Built with the AWS CDK

Use any cloud resource your app needs. Never worry about scale.

Learn more about Gen 2

Choose your framework/language

v1v2
Edit on GitHub

Page updated Feb 21, 2024

Enable sign-out

Invoke the signOut api to sign out a user from the Auth category. You can only have one user signed in at a given time. Calling signOut without any options will delete the local cache and keychain of the user and revoke the token if enabled on Amazon Cognito User Pools. If you would like to sign out of all devices, invoke the signOut api with advanced options.

func signOutLocally() async {
    let result = await Amplify.Auth.signOut()
    guard let signOutResult = result as? AWSCognitoSignOutResult
    else {
        print("Signout failed")
        return
    }


    print("Local signout successful: \(signOutResult.signedOutLocally)")
    switch signOutResult {
    case .complete:
        // Sign Out completed fully and without errors.
        print("Signed out successfully")


    case let .partial(revokeTokenError, globalSignOutError, hostedUIError):
        // Sign Out completed with some errors. User is signed out of the device.
        
        if let hostedUIError = hostedUIError {
            print("HostedUI error  \(String(describing: hostedUIError))")
        }


        if let globalSignOutError = globalSignOutError {
            // Optional: Use escape hatch to retry revocation of globalSignOutError.accessToken.
            print("GlobalSignOut error  \(String(describing: globalSignOutError))")
        }


        if let revokeTokenError = revokeTokenError {
            // Optional: Use escape hatch to retry revocation of revokeTokenError.accessToken.
            print("Revoke token error  \(String(describing: revokeTokenError))")
        }


    case .failed(let error):
        // Sign Out failed with an exception, leaving the user signed in.
        print("SignOut failed with \(error)")
    }
}
func signOutLocally() -> AnyCancellable {
    Amplify.Publisher.create {
        await Amplify.Auth.signOut()
    }.sink(receiveValue: { result in
        guard let signOutResult = result as? AWSCognitoSignOutResult
        else {
            print("Signout failed")
            return
        }
        print("Local signout successful: \(signOutResult.signedOutLocally)")
        switch signOutResult {
        case .complete:
            // Sign Out completed fully and without errors.
            print("Signed out successfully")


        case let .partial(revokeTokenError, globalSignOutError, hostedUIError):
            // Sign Out completed with some errors. User is signed out of the device.
            if let hostedUIError = hostedUIError {
                print("HostedUI error  \(String(describing: hostedUIError))")
            }


            if let globalSignOutError = globalSignOutError {
                // Optional: Use escape hatch to retry revocation of globalSignOutError.accessToken.
                print("GlobalSignOut error  \(String(describing: globalSignOutError))")
            }


            if let revokeTokenError = revokeTokenError {
                // Optional: Use escape hatch to retry revocation of revokeTokenError.accessToken.
                print("Revoke token error  \(String(describing: revokeTokenError))")
            }


        case .failed(let error):
            // Sign Out failed with an exception, leaving the user signed in.
            print("SignOut failed with \(error)")
        }
    })
}

Sign Out Result Types

.complete

Indicates a successful sign out with no errors.

.partial

Indicates that sign out was completed, but with errors. The device credentials have been cleared and the user is locally signed out of the device. The .partial case will return 1 or more errors where sign out actions can be retried manually.

  • .globalSignOutError - The GlobalSignOut action failed.
    • error: Provides a message and recovery suggestion for the failure.
    • accessToken: The access token that was unable to be revoked. The Escape Hatch can be used to manually retry the global sign out.
  • .revokeTokenError - The RevokeToken action failed.
    • error: Provides a message and recovery suggestion for the failure.
    • refreshToken: The refresh token that was unable to be revoked. The Escape Hatch can be used to manually retry revoking the token.
  • .hostedUIError - The HostedUI sign out action failed.
    • error: Provides a message and recovery suggestion for the failure.

.failed

Indicates a failed sign out where user credentials remain on the device. See the attached error to determine the cause.

Token Revocation

Amazon Cognito now supports token revocation. This means that the Cognito refresh token cannot be used anymore to generate new Access and Id Tokens.

Access and Id Tokens are short-lived (60 minutes by default but can be set from 5 minutes to 1 day). After revocation, these tokens cannot be used with Cognito User Pools anymore. However, they are still valid when used with other services like AppSync or API Gateway.

For limiting subsequent calls to these other services after invalidating tokens, we recommend lowering token expiration time for your app client in the Cognito User Pools console. If you are using the Amplify CLI this can be accessed by running amplify console auth.

Token revocation is enabled automatically on new Amazon Cognito User Pools, however existing User Pools must enable this feature, using the Cognito Console or AWS CLI.

Global Sign Out

Calling signout with globalSignOut = true will invalidate all the Cognito User Pool tokens of the signed in user. If the user is signed into a device, they won't be authorized to perform a task that requires a valid token when a global signout is called from some other device. They need to sign in again to get valid tokens.

import AWSCognitoAuthPlugin


func signOutGlobally() async {
    let result = await Amplify.Auth.signOut(options: .init(globalSignOut: true))
    guard let signOutResult = result as? AWSCognitoSignOutResult
    else {
        print("Signout failed")
        return
    }


    print("Local signout successful: \(signOutResult.signedOutLocally)")
    switch signOutResult {
    case .complete:
        // handle successful sign out
    case .failed(let error):
        // handle failed sign out
    case let .partial(revokeTokenError, globalSignOutError, hostedUIError):
        // handle partial sign out
    }
}
func signOutGlobally() -> AnyCancellable {
    Amplify.Publisher.create {
        await Amplify.Auth.signOut(options: .init(globalSignOut: true))
    }.sink(receiveValue: { result in
        guard let signOutResult = result as? AWSCognitoSignOutResult
        else {
            print("Signout failed")
            return
        }
        print("Local signout successful: \(signOutResult.signedOutLocally)")
        switch signOutResult {
        case .complete:
            // handle successful sign out
        case .failed(let error):
            // handle failed sign out
        case let .partial(revokeTokenError, globalSignOutError, hostedUIError):
            // handle partial sign out
        }
    })
}
PREVIOUS
Add social provider sign-in
NEXT
Manage user attributes
Site color mode

Amplify open source software, documentation and community are supported by Amazon Web Services.

© 2024, Amazon Web Services, Inc. and its affiliates.

All rights reserved. View the site terms and privacy policy.

Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.