---
title: Managing sessions and tokens in React Native
description: Inspect and manage sessions and OAuth 2.0 tokens in React Native after a successful authentication journey
component: orchsdks
page_id: orchsdks:journey:usage/react-native/06-handling-sessions
canonical_url: https://developer.pingidentity.com/orchsdks/journey/usage/react-native/06-handling-sessions.html
llms_txt: https://developer.pingidentity.com/orchsdks/llms.txt
docs_for_agents: https://developer.pingidentity.com/build-with-ai/docs-for-agents.md
revdate: Wed, 6 May 2026 00:00:00 +0000
section_ids:
  getting_session_info: Getting session info
  managing_oidc_tokens: Managing OIDC tokens
  getting_tokens: Getting tokens
  refreshing_tokens: Refreshing tokens
  revoking_tokens: Revoking tokens
  getting_user_information: Getting user information
  sign_out: Signing users out
---

# Managing sessions and tokens in React Native

[icon: circle-check, set=far]PingOne Advanced Identity Cloud [icon: circle-check, set=far]PingAM [icon: react, set=fab]React Native

* [Prepare](01-configuring-the-server.html)

* [Install](02-installing-the-journey-module.html)

* [Configure](03-configuring-the-journey-module.html)

* [Start](04-starting-an-authentication-journey.html)

* [Navigate](05-navigating-an-authentication-journey.html)

* **Manage**

***

After successfully authenticating a user, you can inspect their session and manage associated tokens.

## Getting session info

After the journey reaches `SuccessNode`, call `ssoToken()` on the client to retrieve the server-side session token. This does not require an OIDC module to be configured.

Getting the SSO token

```typescript
const sso = await journeyClient.ssoToken();
console.log('SSO token value:', sso?.value);
```

`ssoToken()` returns `null` if no session token is present. The returned object has the following properties:

* `value`

  The session token string itself.

* `successUrl`

  The URL the user should be redirected to after authentication, such as their profile page.

  For example, `/enduser/?realm=/alpha`

* `realm`

  The realm in which the user authenticated.

  For example, `/alpha`

## Managing OIDC tokens

The following operations require the OIDC module to be configured.

### Getting tokens

Call `user()` to retrieve the tokens issued during the journey:

Getting OIDC tokens after a successful journey

```typescript
const session = await journeyClient.user();
console.log('Access token:', session?.accessToken);
```

`user()` returns `null` if no active session exists. The returned object has the following properties:

* `accessToken`

  The OAuth 2.0 access token.

* `refreshToken`

  The OAuth 2.0 refresh token, if present.

* `expiresIn`

  The access token lifetime in seconds, if present.

* `userInfo`

  User profile claims returned alongside the tokens, if present.

### Refreshing tokens

Call `refresh()` to exchange the current refresh token for a new set of tokens:

Refreshing OIDC tokens

```typescript
const session = await journeyClient.refresh();
console.log('New access token:', session?.accessToken);
```

The `refresh()` method returns the same `JourneyUserSession` shape as `user()`, or `null` if the refresh fails.

### Revoking tokens

To invalidate the user's access and refresh tokens on the server without ending their session, call `revoke()`.

Revoking OIDC tokens

```typescript
await journeyClient.revoke();
```

The tokens are removed from local storage and invalidated on the server.

The SSO session token remains intact. Use `logoutUser()` to [completely sign out an authenticated user](#sign_out).

## Getting user information

To fetch current user claims directly from the OIDC `/userinfo` endpoint, call `userinfo()` on the client:

Fetching user info

```typescript
const userInfo = await journeyClient.userinfo();
```

The response contains values such as first and last name, and other details:

```json
{
  "name": "Babs Jensen",
  "family_name": "Jensen",
  "given_name": "Babs",
  "sub": "a0325ea4-9d9b-4056-931b-ab64704cc3da",
  "subname": "a0325ea4-9d9b-4056-931b-ab64704cc3da"
}
```

## Signing users out

To end the user's session on the server and clear local state, call `logoutUser()`.

This will also revoke OAuth 2.0 access and refresh tokens on the server and remove them from local storage on the client device.

It also calls the `end_session` endpoint to close any OIDC sessions.

Signing users out

```typescript
await journeyClient.logoutUser();
```
