and then use window.location.href to navigate to it.
The problem comes on the return from Okta - it comes back with a code / state in its url as if I’d requested the login process. My auth code then automatically signs the user in automatically.
My question is why does it come back trying to re-initiate a login, and not just back to the logout redirect uri?
I would suggest collecting a HAR/network log and see what could be triggering a login. Okta should be redirecting to https://localhost:44333 after logout. I believe it will contain a state in the url but it shouldn’t return an authorization code. https://developer.okta.com/docs/reference/api/oidc/#response-example-success-4