I have a front-end UI that uses the okta-auth-js SDK. Is there any way I can make an API request to my backend server, which uses the okta-java-sdk to close the session via SessionApi.revokeSession(sessionId)? I’m not sure how to get the sessionId in my backend server since it’s an HTTP only cookie and I created the session from my front-end using the auth-js sdk.
Interestingly, I manually copied the HTTP session cookie from my browser into Postman and called DELETE sessions/${sessionId} and it gave a 204, but my user was still logged in. Why would that be the case?
In general, how could I close the Okta session from the backend and have it log my user out in the front end?
Just checked back in on this and noticed that the My Session Management endpoints link that appears on the docs page you sent (Understand how sessions work after the upgrade | Okta Developer ) opens to the old api//v1/sessions/{sessionId} endpoints, not the latest api/v1/sessions/me endpoint(s) as it is implying it should. I can’t find mention of the sessions/me endpoint in that API doc page.
Here is the answer to your question as far as I know; let me know if this helps you or not.
To close an Okta session from the backend and log the user out in the frontend, initiate communication between them. The frontend sends a request to the backend with the session identifier. The backend then uses Okta’s SessionApi.revokeSession(sessionId) to revoke the session, and your frontend should clear its own session and update the UI accordingly.
For anyone who stumbles upon this later, our docs have been corrected and the /sessions/me endpoint is listed in our Sessions API docs, e.g. Close Current Session | Okta Developer
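Added example (not part of the thread and not Okta's own code): a browser-side sketch of calling the api/v1/sessions/me endpoint discussed above, where the browser attaches the HTTP-only session cookie itself so no script has to read the session ID. The org URL, the `clearLocalTokens` callback and the function names are assumptions, and the call assumes the page's origin is allowed to make credentialed cross-origin requests to the Okta org.

```javascript
// Placeholder org URL (assumption); replace with your own Okta domain.
const ORG_URL = "https://example.okta.com";

// Build the "Close Current Session" request. The session cookie is HTTP-only,
// so script never touches it; credentials: "include" tells the browser to
// attach it to the cross-origin call.
function buildCloseSessionRequest(orgUrl) {
  const base = orgUrl.replace(/\/+$/, ""); // tolerate a trailing slash
  return {
    url: `${base}/api/v1/sessions/me`,
    init: { method: "DELETE", credentials: "include" },
  };
}

// Map the HTTP status to an outcome the UI can act on.
function interpretCloseStatus(status) {
  if (status === 204) return "closed";     // session was ended
  if (status === 404) return "no-session"; // treated here as: nothing left to close
  return "error";                          // anything else: do not assume logout
}

// Close the session, then drop locally held tokens and state.
// clearLocalTokens is a hypothetical callback supplied by the app;
// fetchImpl is injectable so the flow can be exercised offline.
async function logout(orgUrl, clearLocalTokens, fetchImpl = fetch) {
  const { url, init } = buildCloseSessionRequest(orgUrl);
  const res = await fetchImpl(url, init);
  const outcome = interpretCloseStatus(res.status);
  if (outcome !== "error") clearLocalTokens();
  return outcome;
}
```
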