Sounds like you need to add the PostLogoutRedirectUri you configured in OktaMvcOptions as an allowed Logout redirect URI in the Application settings in the Okta admin console (Applications → Application → General → General Settings → Login → Logout redirect URIs), as below:
@andrea, no, I already have that setting on the Okta server. The issue is that this sample application refuses to provide the value that I want as the post_logout_redirect_uri parameter. It keeps setting it to https://localhost:44306/signout/callback, but I need it to be https://localhost:44306/signout-callback-oidc. When I try to set it in code, it doesn’t seem to make any difference.
    .AddOktaMvc(new OktaMvcOptions
    {
        // Replace these values with your Okta configuration
        OktaDomain = Configuration.GetValue<string>("Okta:OktaDomain"),
        AuthorizationServerId = Configuration.GetValue<string>("Okta:AuthorizationServerId"),
        ClientId = Configuration.GetValue<string>("Okta:ClientId"),
        ClientSecret = Configuration.GetValue<string>("Okta:ClientSecret"),
        Scope = new List<string> { "openid", "profile", "email" },
        PostLogoutRedirectUri = "https://localhost:44306/signout-callback-oidc", // "signout-callback-oidc",
    });
I’m trying to find out how to get it to work. I have all of the settings as far as I know, yet it is still using the default setting. But even if I set up a page matching those default settings, it gives me an error. Hopefully we can figure it out.
I started with the generated code from the OKTA CLI, filled in my settings, and had this error right out of the box.
@andrea - any chance you can get us over this hurdle? I guess I could write an ajax call to logout and just throw away the result and redirect to the home page, since the logout is successful but throws this error.
As I mentioned above, this code is right out of the CLI example for .net core. There seems to be something missing in that solution. I don’t believe I made any modifications to the logout other than inserting my particular application configuration per the instructions. I think you could repro by just cloning it and trying to make it work.
I want to try and document this carefully so it can be followed up. I no longer need assistance as I have determined the issue, and have a workaround. This seems to be an issue with the expectations of the SDK / OKTA service.
I had tried to simply set my sign-out redirect URI and that failed.
And if I search my code for “signout/callback”, it is nowhere to be found. But the SDK / OKTA service seemed to be stuck on it, so I added it to my application settings and to a controller.
The result is that the same error appeared. Then the thought occurred to me that it might be case sensitive.
So I changed the setting to be all lowercase:
Voila! It started working! So I tried removing the signout/callback controller and just left the setting in the OKTA application sign-out redirect URIs, and it is now working great.
So this may be something to check out on the OKTA side. I am now successfully logging in and out and redirecting.
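The case-sensitivity finding in the last post, as an added example that is not part of the thread or of the Okta SDK: a small C# diagnostic that compares the post_logout_redirect_uri actually sent in a logout request with the registered Logout redirect URIs. It assumes the server accepts only an exact (ordinal) match; the class name, the idp.example URL and the registered values are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Web;

public static class LogoutRedirectCheck
{
    public enum Result { ExactMatch, CaseOnlyMismatch, TrailingSlashMismatch, NotRegistered, MissingParameter }

    // Read post_logout_redirect_uri from a logout request URL captured in the browser's network tab.
    public static string ExtractSentUri(string logoutRequestUrl) =>
        HttpUtility.ParseQueryString(new Uri(logoutRequestUrl).Query)["post_logout_redirect_uri"] ?? "";

    // Assumption: the server accepts only a byte-for-byte (ordinal) match against the registered list.
    public static Result Classify(string sent, IEnumerable<string> registered, out string closest)
    {
        closest = "";
        if (sent.Length == 0) return Result.MissingParameter;
        var verdict = Result.NotRegistered;
        foreach (var candidate in registered)
        {
            if (string.Equals(sent, candidate, StringComparison.Ordinal))
            {
                closest = candidate;
                return Result.ExactMatch;
            }
            if (string.Equals(sent, candidate, StringComparison.OrdinalIgnoreCase))
            {
                closest = candidate;               // differs only in letter case
                verdict = Result.CaseOnlyMismatch;
            }
            else if (verdict == Result.NotRegistered &&
                     string.Equals(sent.TrimEnd('/'), candidate.TrimEnd('/'), StringComparison.Ordinal))
            {
                closest = candidate;               // differs only by a trailing slash
                verdict = Result.TrailingSlashMismatch;
            }
        }
        return verdict;
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the thread.
        var captured = "https://idp.example/logout?id_token_hint=PLACEHOLDER&post_logout_redirect_uri="
                     + Uri.EscapeDataString("https://localhost:44306/signout/callback");
        var registered = new[] { "https://localhost:44306/Signout/Callback", "https://localhost:44306/" };

        var sent = ExtractSentUri(captured);
        var result = Classify(sent, registered, out var closest);
        Console.WriteLine($"sent={sent} result={result} closest={closest}");
    }
}
```

With the constructed values above it reports CaseOnlyMismatch against the mixed-case entry, which is the situation the last post describes fixing by lowercasing the registered URI.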