Automatically log out a user after password reset or all sessions revoked

I have a React Native mobile app and a React web app both using Realm authentication to log my users in.

I would like my users to be logged out automatically when their password is reset or in cases where I disable or revoke all sessions for that user from the Realm UI.

I vaguely understand that refresh tokens may have something to do with that?

How could I go about enforcing user logout?

Hi Natacha,

How could I go about enforcing user logout?

Please see documentation on User.logOut() for the React SDK.

As mentioned in the User Sessions article it will do the following:

  • Deletes the local session information by deleting both the access and refresh tokens.
  • Invalidates the refresh token in the MongoDB Realm backend.

You can also revoke the user session from the UI or CLI as you mentioned which will require them to log in again.

Hope that helps.

Regards

Hi @Mansoor_Omar, thanks for your reply. Apologies if my initial query was a bit vague. I’ll try to be more specific.

In my system, a company is given a realm user (called sharedUser) with credentials that all their staff can use to log in to a mobile app. Company admins can access a web app portal and change the password for this sharedUser. I would like this to automatically log out every sharedUser on their mobile devices. They’ll then have to enter the newly changed password to log back in.

I understand that when an admin changes the password for sharedUser, this does something in MongoDB Realm backend to changes the refresh token for this user.

On my Realm Sync mobile app, how can I listen to changes in the refresh token (after the sharedUser password has been changed) so I can trigger the User.logOut()?

Apologies if I’m missing something obvious here.