Session Management - Native
Learn how to securely manage authentication tokens and maintain user sessions in native mobile and desktop apps.
Managing Sessions on Native Applications
For native applications, access and refresh tokens are stored on the device to maintain a user’s authenticated state. When a user logs in, the app receives an access token and refresh token, which it stores in a device-specific secure storage location (e.g., iOS Keychain, etc.). As long as the access token is valid and hasn't expired, the user should be considered to have an active session. If the access token expires and a valid refresh token is available, then the refresh token can be used to retrieve a new access token without having the user re-authenticate.
Ending Sessions on Logout
When an authenticated user logs out of your application, the application must ensure that all sessions and their corresponding tokens are revoked.
Deleting Device Authentication State
When a user logs out, all application session data stored in the device's platform-specific secure storage should be deleted.
Revoking the Refresh Token
If the session has a refresh token associated with it, then the application should call the Wristband Revoke Token API to revoke the refresh token.
Deleting the Wristband Authentication Session
Lastly, the application should redirect to the Wristband Logout API, which will cause the Wristband authentication session to be deleted.
Updated 17 days ago