After Logging out (Angular Okta SDK) able to log back in without password

Hi Okta,

I am using Angular Okta SDK for my application. When I trigger logout in my application using:

this.oktaAuth.signOut()

So what happens is when a user initially logs in they’ll need to enter their username and password. Then press logout button. I’ll call signOut() and then the user lands on the Okta login page but this time all they need to enter back in the application is their username.

Thanks,
Baljinder

Are you sure that method is being called? If they are being redirected back to the sign in page and not being asked to enter their password, then that means that the session is still active.

Did you follow this documentation? Sign users out of Okta | Okta Developer

@erin.p pretty sure.

As you can see in my snippet, it hits the method and then leads me off to the login page.

Are you seeing any errors after this.oktaAuth.signOut is called?


none, but bearing in mind I won’t know if there is one in the SDK as the page is redirected to the login page.

Are the users logging in through an External IdP? Is that why they are only prompted for their username when they log in a second time?

@andrea Hmmm, that may be the case. I am not certain, waiting on a reply.

Due to us using single sign on for all our company applications, we most likely are?

If users are getting federated through an external provider (like Google, Facebook, Azure AD, etc), then while the application is able to log them out of their session with Okta (the signOut method does this by invoking the /logout endpoint), it is not going to end the user’s session at the user’s source IdP.

That means that the next time Okta goes to redirect the user to their external provider, the provider will still have a session for that user and they will be sent back to Okta immediately (or after a prompt, depending on the IdP) with a new Okta session created for them.

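One way to tell the two explanations in this thread apart (a surviving Okta session versus a reused session at the external IdP) from a browser redirect trace. This is an added example, not part of the original thread or of Okta's SDK; the hosts, paths and hop record shape are assumptions.

```javascript
// Added example. Hosts, paths and hop records are constructed for illustration.
const OKTA = 'example.okta.com'; // assumption: the Okta org
const IDP = 'idp.example.com';   // assumption: the external IdP
const APP = 'app.example.com';   // assumption: the Angular app

const host = (u) => (u ? new URL(u).host : null);

// hops: [{ url, status, location }] in request order, recorded from the
// moment the user starts logging back in after signOut().
function classifyRelogin(hops) {
  const okta = hops.filter((h) => host(h.url) === OKTA);
  const idp = hops.filter((h) => host(h.url) === IDP);

  // Okta sent the browser straight back to the app without showing its
  // sign-in page: the Okta session itself survived the logout.
  if (okta[0] && okta[0].status === 302 && host(okta[0].location) === APP) {
    return 'okta-session-still-active';
  }
  if (idp.length === 0) return 'not-federated';

  // Assumption: a redirect-based IdP, where a 200 means it rendered a
  // credential form. (A SAML POST binding also answers 200 with an
  // auto-submitting form, so that case needs a body check instead.)
  if (idp.some((h) => h.status === 200)) return 'idp-reauthenticated';

  // The IdP only bounced the browser back to Okta: its session was reused,
  // and Okta created a new session from the returned assertion.
  const bounced = idp.every((h) => h.status === 302 && host(h.location) === OKTA);
  return bounced ? 'idp-session-reused' : 'unknown';
}

// Constructed trace matching the thread: username only, no password prompt.
const usernameOnly = [
  { url: `https://${OKTA}/authorize`, status: 200 }, // Okta sign-in page shown
  { url: `https://${OKTA}/idp-redirect`, status: 302, location: `https://${IDP}/sso` },
  { url: `https://${IDP}/sso`, status: 302, location: `https://${OKTA}/callback` },
  { url: `https://${OKTA}/callback`, status: 302, location: `https://${APP}/login/callback` },
];
// Constructed trace for the other hypothesis: the Okta session never ended.
const sessionAlive = [
  { url: `https://${OKTA}/authorize`, status: 302, location: `https://${APP}/login/callback` },
];

console.log(classifyRelogin(usernameOnly));
console.log(classifyRelogin(sessionAlive));
```

A real trace can be exported from the browser's network tab and reduced to the same three fields per hop.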