Cannot set PostLogoutRedirectUri

I am using the example located at samples-aspnetcore/samples-aspnetcore-3x/okta-hosted-login at master · okta/samples-aspnetcore · GitHub. I have it configured to allow me to log in, but when I hit the log out button, I get an error saying that my post logout uri is wrong. I added code to set this, but it seems to be getting ignored. How can I properly set PostLogoutRedirectUri?

Code I added:
PostLogoutRedirectUri = "https://localhost:44306/signout-callback-oidc"

Actual redirect: signout/callback

Desired redirect: signout-callback-oidc

Error message:
“The ‘post_logout_redirect_uri’ parameter must be a Logout redirect URI in the client app settings”

Sounds like you need to add the PostLogoutRedirectUri you configured in OktaMvcOptions as an allowed Logout redirect URI in the Application settings in the Okta admin console (Applications → Application → General → General Settings → Login → Logout redirect URIs), as below:

@andrea, no, I already have that setting on the Okta server. The issue is that this sample application refuses to provide the value that I want as the post_logout_redirect_uri parameter. It keeps setting it to https://localhost:44306/signout/callback, but I need it to be https://localhost:44306/signout-callback-oidc. When I try to set it in code, it doesn’t seem to make any difference.

       .AddOktaMvc(new OktaMvcOptions
       {
            // Replace these values with your Okta configuration
           OktaDomain = Configuration.GetValue<string>("Okta:OktaDomain"),
           AuthorizationServerId = Configuration.GetValue<string>("Okta:AuthorizationServerId"),
           ClientId = Configuration.GetValue<string>("Okta:ClientId"),
           ClientSecret = Configuration.GetValue<string>("Okta:ClientSecret"),
           Scope = new List<string> { "openid", "profile", "email" },

           PostLogoutRedirectUri = "https://localhost:44306/signout-callback-oidc", // "signout-callback-oidc", 

       });

I am seeing the same behavior:

Signout generated this request:

I did a search across the entire project for signout/callback, and got no results.

Can you instead try setting the URL you want users redirected to after log out has completed within AuthenticationProperties, as below:

[HttpPost]
public IActionResult SignOut()
{
    return new SignOutResult(
        new[]
        {
            OktaDefaults.MvcAuthenticationScheme,
            CookieAuthenticationDefaults.AuthenticationScheme,
        },
        new AuthenticationProperties { RedirectUri = "<INSERT-YOUR-POST-URL-HERE>" });
}

I believe that is already in place. Here is my current method in that spot:

        [HttpPost]
        public IActionResult SignOut()
        {
            return new SignOutResult(
                new[]
                {
                     OktaDefaults.MvcAuthenticationScheme,
                     CookieAuthenticationDefaults.AuthenticationScheme,                     
                }
                , new AuthenticationProperties { RedirectUri = "https://localhost:5001/Account/PostSignOut" }
                );
        }

I found the /signout/callback reference - it’s in the AspNetCore.dll as a default:

Not sure why it won’t allow me to override it, or why it wouldn’t work if I create a callback with that uri.

@robbsadler Thanks! This is helpful! But I need to add a parameter to the post_logout_redirect_uri.

So I'm trying to have post_logout_redirect_uri=localhost:44306?logoutId=abc123

How can I add this?

I’m trying to find out how to get it to work. I have all of the settings as far as I know, yet it is still using the default setting. But even if I set up a page matching those default settings, it gives me an error. Hopefully we can figure it out.

I started with the generated code from the OKTA CLI, filled in my settings, and had this error right out of the box.


@andrea - any chance you can get us over this hurdle? I guess I could write an ajax call to logout and just throw away the result and redirect to the home page, since the logout is successful but throws this error.

As I mentioned above, this code is right out of the CLI example for .net core. There seems to be something missing in that solution. I don’t believe I made any modifications to the logout other than inserting my particular application configuration per the instructions. I think you could repro by just cloning it and trying to make it work.

Thanks for any assistance - really appreciated!

I want to try and document this carefully so it can be followed up. I no longer need assistance as I have determined the issue, and have a workaround. This seems to be an issue with the expectations of the SDK / OKTA service.

I had tried to simply set my sign-out redirect URI and that failed.

Upon further inspection, I found that regardless of what URI I set in my code, the logout request included the following:

...post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A5001%2Fsignout%2Fcallback

Note that it is set to “/signout/callback”.

In my code I have “/account/postsignout” in both places where this could be set:

In Startup.cs:

In AccountController Signout:

And if I search my code for “signout/callback”, it is nowhere to be found. But the SDK / OKTA service seemed to be stuck on it, so I added it to my application settings and to a controller.


The result is that the same error appeared. Then the thought occurred to me that it might be case sensitive.

So I changed the setting to be all lowercase:


Voila! It started working! So I tried removing the signout/callback controller and just left the setting in the OKTA application sign-out redirect URIs, and it is now working great.

So this may be something to check out on the OKTA side. I am now successfully logging in and out and redirecting.

Hope this is helpful to someone!

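
An added example, not part of the thread or of Okta's SDK: a small C# check for the situation the last post describes. It compares the post_logout_redirect_uri actually sent in a logout request with the registered Logout redirect URIs and flags a difference that is only in letter case. The request URL, host name and registered entries are constructed, and exact case-sensitive matching on the server is an assumption based on what the post observed.

```csharp
using System;
using System.Collections.Generic;
using System.Web; // HttpUtility.ParseQueryString

public enum LogoutUriCheck { ExactMatch, CaseOnlyMismatch, NotRegistered, Missing }

public static class LogoutRedirectCheck
{
    // Compares the post_logout_redirect_uri that was actually sent with the
    // URIs registered for the client. Assumption: the server compares the
    // whole URI as an exact, case-sensitive string.
    public static LogoutUriCheck Check(string logoutRequestUrl,
        IEnumerable<string> registeredUris, out string sent)
    {
        // ParseQueryString percent-decodes the parameter value.
        var query = HttpUtility.ParseQueryString(new Uri(logoutRequestUrl).Query);
        sent = query["post_logout_redirect_uri"];
        if (string.IsNullOrEmpty(sent)) return LogoutUriCheck.Missing;

        var result = LogoutUriCheck.NotRegistered;
        foreach (var uri in registeredUris)
        {
            if (string.Equals(uri, sent, StringComparison.Ordinal))
                return LogoutUriCheck.ExactMatch;
            if (string.Equals(uri, sent, StringComparison.OrdinalIgnoreCase))
                result = LogoutUriCheck.CaseOnlyMismatch; // same URI, different casing
        }
        return result;
    }

    public static void Main()
    {
        // Constructed request: only the post_logout_redirect_uri value is from the thread.
        const string request =
            "https://example.okta.com/oauth2/default/v1/logout" +
            "?id_token_hint=PLACEHOLDER" +
            "&post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A5001%2Fsignout%2Fcallback";

        // Constructed allow-list entries (the thread does not show the original casing).
        var mixedCase = new[] { "https://localhost:5001/Signout/Callback" };
        var lowerCase = new[] { "https://localhost:5001/signout/callback" };
        var other = new[] { "https://localhost:5001/account/postsignout" };

        var first = Check(request, mixedCase, out var sent);
        Console.WriteLine($"sent: {sent}");
        Console.WriteLine($"mixed-case entry: {first}");
        Console.WriteLine($"lowercase entry:  {Check(request, lowerCase, out _)}");
        Console.WriteLine($"unrelated entry:  {Check(request, other, out _)}");
    }
}
```

To use it on a real failure, paste the logout request URL from the browser's network tab and the entries from the application's Logout redirect URIs setting.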