feat(auth): Add clearCredentials method (#1256)

Author: subhankarmaiti

example/src/screens/hooks/Profile.tsx

@@ -16,6 +16,7 @@ const ProfileScreen = () => {
   const {
     user,
     clearSession,
+    clearCredentials,
     getCredentials,
     hasValidCredentials,
     revokeRefreshToken,
@@ -44,6 +45,28 @@ const ProfileScreen = () => {
     }
   };
 
+  const onClearCredentials = async () => {
+    try {
+      await clearCredentials();
+      // Clear any local state
+      setCredentials(null);
+      setApiResult({ success: 'Credentials cleared locally' });
+      setApiError(null);
+      Alert.alert(
+        'Success',
+        'Credentials have been cleared from local storage.'
+      );
+    } catch (e) {
+      console.log('Clear credentials error: ', e);
+      setApiError(e as Error);
+      Alert.alert(
+        'Error',
+        `Failed to clear credentials: ${e.message || 'Unknown error'}`,
+        [{ text: 'OK' }]
+      );
+    }
+  };
+
   const onGetCredentials = async () => {
     try {
       const result = await getCredentials();
@@ -100,6 +123,12 @@ const ProfileScreen = () => {
           disabled={!credentials?.refreshToken}
         />
         <View style={styles.spacer} />
+        <Button
+          onPress={onClearCredentials}
+          title="Clear Credentials"
+          style={styles.clearCredentialsButton}
+        />
+        <View style={styles.spacer} />
         <Button
           onPress={onLogout}
           title="Log Out"
@@ -122,6 +151,9 @@ const styles = StyleSheet.create({
   spacer: {
     height: 16,
   },
+  clearCredentialsButton: {
+    backgroundColor: '#FF9800',
+  },
   logoutButton: {
     backgroundColor: '#424242',
   },

src/hooks/Auth0Context.ts

@@ -57,6 +57,15 @@ export interface Auth0ContextInterface extends AuthState {
    */
   getCredentials(scope?: string, minTtl?: number): Promise<Credentials>;
 
+  /**
+   * Clears the user's credentials without clearing their web session and logs them out.
+   *
+   * @remarks
+   * **Platform specific:** This method is only available in the context of a Android/iOS application.
+   * @returns A promise that resolves when the credentials have been cleared.
+   */
+  clearCredentials: () => Promise<void>;
+
   /**
    * Checks if a valid, non-expired set of credentials exists in storage.
    * This is a quick, local check and does not perform a network request.
@@ -200,6 +209,7 @@ const initialContext: Auth0ContextInterface = {
   authorize: stub,
   clearSession: stub,
   getCredentials: stub,
+  clearCredentials: stub,
   hasValidCredentials: stub,
   loginWithPasswordRealm: stub,
   cancelWebAuth: stub,

src/hooks/Auth0Provider.tsx

@@ -170,6 +170,17 @@ export const Auth0Provider = ({
     [client]
   );
 
+  const clearCredentials = useCallback(async (): Promise<void> => {
+    try {
+      await client.credentialsManager.clearCredentials();
+      dispatch({ type: 'LOGOUT_COMPLETE' });
+    } catch (e) {
+      const error = e as AuthError;
+      dispatch({ type: 'ERROR', error });
+      throw error;
+    }
+  }, [client]);
+
   const cancelWebAuth = useCallback(
     () => voidFlow(client.webAuth.cancelWebAuth()),
     [client, voidFlow]
@@ -281,6 +292,7 @@ export const Auth0Provider = ({
       clearSession,
       getCredentials,
       hasValidCredentials,
+      clearCredentials,
       cancelWebAuth,
       loginWithPasswordRealm,
       createUser,
@@ -303,6 +315,7 @@ export const Auth0Provider = ({
       clearSession,
       getCredentials,
       hasValidCredentials,
+      clearCredentials,
       cancelWebAuth,
       loginWithPasswordRealm,
       createUser,

src/hooks/__tests__/Auth0Provider.spec.tsx

@@ -130,6 +130,7 @@ const TestConsumer = () => {
     isLoading,
     authorize,
     clearSession,
+    clearCredentials,
     createUser,
     resetPassword,
   } = useAuth0();
@@ -159,6 +160,11 @@ const TestConsumer = () => {
         onPress={() => clearSession()}
         testID="logout-button"
       />
+      <Button
+        title="Clear Credentials"
+        onPress={() => clearCredentials()}
+        testID="clear-credentials-button"
+      />
       <Button
         title="Create User"
         onPress={() =>
@@ -326,6 +332,46 @@ describe('Auth0Provider', () => {
     expect(mockClientInstance.webAuth.clearSession).toHaveBeenCalled();
   });
 
+  it('should update the state correctly after a clearCredentials call', async () => {
+    // Start with a logged-in state
+    mockClientInstance.credentialsManager.getCredentials.mockResolvedValueOnce({
+      idToken: 'a.b.c',
+      accessToken: 'access-token-123',
+      tokenType: 'Bearer',
+      expiresAt: Date.now() / 1000 + 3600,
+    } as any);
+
+    await act(async () => {
+      render(
+        <Auth0Provider domain="test.com" clientId="123">
+          <TestConsumer />
+        </Auth0Provider>
+      );
+    });
+
+    await waitFor(() =>
+      expect(screen.getByTestId('user-status')).toHaveTextContent(
+        'Logged in as: Test User'
+      )
+    );
+
+    const clearCredentialsButton = screen.getByTestId(
+      'clear-credentials-button'
+    );
+    await act(async () => {
+      fireEvent.click(clearCredentialsButton);
+    });
+
+    await waitFor(() =>
+      expect(screen.getByTestId('user-status')).toHaveTextContent(
+        'Not logged in'
+      )
+    );
+    expect(
+      mockClientInstance.credentialsManager.clearCredentials
+    ).toHaveBeenCalled();
+  });
+
   it('should update the error state if authorize fails', async () => {
     // Create a mock error object that looks like an AuthError
     const loginError = {