When I initiate Okta logout I’m getting the following issues:
Okta API /logout endpoint does not support CORS so browser blocks any requests.
After adding a CORS plugin to Chrome I’m getting a “Not found: Resource not found” exception in the response (I can see it in the browser console). However, I can delete the current session using the RESTED plugin (DELETE https://dev-522077.oktapreview.com/api/v1/sessions/me).
Normal OpenID Connect Flow does not work because CORS is not supported.
To delete the current session I have to use the /api/v1/sessions/me endpoint (CORS supported).
The client-side script looks like:

    $.ajax({
        url: 'https://dev-{yourId}.oktapreview.com/api/v1/sessions/me',
        type: 'DELETE',
        // Attach the Okta session cookie to this cross-origin request
        xhrFields: { withCredentials: true },
        success: function(result) {
            window.location.reload();
        }
    });

The problem was that cookies were not attached to the request. “xhrFields: { withCredentials: true }” solved the issue.
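
The fix above as an added example (not code from this thread or from Okta): the `fetch` equivalent of the jQuery call, together with the browser rule that decides whether a cookie-bearing cross-origin response is readable at all. The function names and the sample origins are assumptions made for illustration.

```javascript
// Added example. All function names here are hypothetical.

// Browser rule for a cross-origin request that carries cookies: the response
// is exposed to the page only if Access-Control-Allow-Origin echoes the exact
// page origin (the "*" wildcard is rejected in credentialed mode) and
// Access-Control-Allow-Credentials is exactly "true".
function credentialedCorsAllowed(pageOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) {
    h[k.toLowerCase()] = String(v).trim();
  }
  return h['access-control-allow-origin'] === pageOrigin &&
         h['access-control-allow-credentials'] === 'true';
}

// Map the status of DELETE /api/v1/sessions/me to an outcome.
// 204 is the success status documented for Okta's Sessions API; 404 is the
// "Resource not found" seen in the thread when no session cookie reached Okta.
function interpretSessionDelete(status) {
  if (status === 204) return 'closed';
  if (status === 404) return 'no-session';
  return 'error';
}

// fetch equivalent of the jQuery call: credentials: 'include' plays the role
// of xhrFields.withCredentials. fetchImpl is injectable so the function can
// be exercised without a network connection.
async function closeOktaSession(orgUrl, fetchImpl = globalThis.fetch) {
  const url = new URL('/api/v1/sessions/me', orgUrl).href;
  const res = await fetchImpl(url, {
    method: 'DELETE',
    credentials: 'include',
  });
  return interpretSessionDelete(res.status);
}
```

A `'no-session'` result after the user was visibly signed in points to the cookie not being sent, which is the symptom described above.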
I do logout by calling:

    HttpContext.GetOwinContext().Authentication.SignOut(
        CookieAuthenticationDefaults.AuthenticationType,
        OpenIdConnectAuthenticationDefaults.AuthenticationType);

But this is not related to the issues described in the first message (especially CORS).
@Urik Sorry for the delay. Did you get this working?
OIDC logout from aspnetcore shouldn’t need CORS. If you get CORS errors doing a logout (unless you are working with a single-page app), something usually isn’t configured right.
I know this post is a bit old, but I have an ASP.NET MVC web site.
When I try to log out within 20 minutes or so it redirects to the postlogouturl configured (i.e. the OKTA login page). But when I try to log out after or around 60 minutes of session it navigates to the OKTA URL and re-logs into the application.