Is it common practice to delete the keychain password item on sign out?
Yes it is. When a user signs out it’s a good idea to clear out their data that can be entered again or downloaded from a web server.
If you are implementing biometrics, like a bank app for example, then you would want to handle signing out differently. In this case you’d want to keep the user’s identifier (email, username, etc) and the password hash, then store some state to indicate if the user is “logged” in.
Thanks for the thorough response!
This tutorial is more than six months old so questions are no longer supported at the moment for it. Thank you!