You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@@ -228,6 +230,26 @@ In v4, `clearCredentials()` calls `Storage.removeAll()`, which clears **all** va
228
230
229
231
**Impact:** Existing custom `Storage` implementations will continue to compile and work without changes. Override `removeAll()` to provide the actual clearing behavior if your custom storage is used with `clearCredentials()`.
230
232
233
+
## New APIs
234
+
235
+
### `clearAll()` — Full Credential and Key Cleanup
236
+
237
+
v4 introduces a new `clearAll()` method on `CredentialsManager` and `SecureCredentialsManager` that performs a complete cleanup of all stored credentials **and** cryptographic key pairs.
238
+
239
+
**Usage:**
240
+
241
+
```kotlin
242
+
// Clear everything on logout — credentials, DPoP keys, and encryption keys
243
+
credentialsManager.clearAll()
244
+
```
245
+
246
+
**When to use `clearAll()` vs `clearCredentials()`:**
247
+
248
+
- Use **`clearCredentials()`** when you only need to remove stored tokens (e.g., forcing a re-login) but want to preserve cryptographic keys for future sessions.
249
+
- Use **`clearAll()`** on full logout or account removal, when you want to ensure no credentials or key material remain on the device.
250
+
251
+
> **Note:**`clearAll()` catches any errors from DPoP key pair deletion internally, so it will not throw even if the DPoP key pair was never created or has already been removed.
0 commit comments