Orchestration SDKs

Managing sessions and tokens in React Native

PingOne Advanced Identity Cloud PingAM React Native


After successfully authenticating a user, you can inspect their session and manage associated tokens.

Getting session info

After the journey reaches SuccessNode, call ssoToken() on the client to retrieve the server-side session token. This does not require an OIDC module to be configured.

Getting the SSO token
const sso = await journeyClient.ssoToken();
console.log('SSO token value:', sso?.value);

ssoToken() returns null if no session token is present. The returned object has the following properties:

value

The session token string itself.

successUrl

The URL the user should be redirected to after authentication, such as their profile page.

For example, /enduser/?realm=/alpha

realm

The realm in which the user authenticated.

For example, /alpha

Managing OIDC tokens

The following operations require the OIDC module to be configured.

Getting tokens

Call user() to retrieve the tokens issued during the journey:

Getting OIDC tokens after a successful journey
const session = await journeyClient.user();
console.log('Access token:', session?.accessToken);

user() returns null if no active session exists. The returned object has the following properties:

accessToken

The OAuth 2.0 access token.

refreshToken

The OAuth 2.0 refresh token, if present.

expiresIn

The access token lifetime in seconds, if present.

userInfo

User profile claims returned alongside the tokens, if present.

Refreshing tokens

Call refresh() to exchange the current refresh token for a new set of tokens:

Refreshing OIDC tokens
const session = await journeyClient.refresh();
console.log('New access token:', session?.accessToken);

The refresh() method returns the same JourneyUserSession shape as user(), or null if the refresh fails.

Revoking tokens

To invalidate the user’s access and refresh tokens on the server without ending their session, call revoke().

Revoking OIDC tokens
await journeyClient.revoke();

The tokens are removed from local storage and invalidated on the server.

The SSO session token remains intact. Use logoutUser() to completely sign out an authenticated user.

Getting user information

To fetch current user claims directly from the OIDC /userinfo endpoint, call userinfo() on the client:

Fetching user info
const userInfo = await journeyClient.userinfo();

The response contains values such as first and last name, and other details:

{
  "name": "Babs Jensen",
  "family_name": "Jensen",
  "given_name": "Babs",
  "sub": "a0325ea4-9d9b-4056-931b-ab64704cc3da",
  "subname": "a0325ea4-9d9b-4056-931b-ab64704cc3da"
}

Signing users out

To end the user’s session on the server and clear local state, call logoutUser().

This will also revoke OAuth 2.0 access and refresh tokens on the server and remove them from local storage on the client device.

It also calls the end_session endpoint to close any OIDC sessions.

Signing users out
await journeyClient.logoutUser();