Can't logout from Okta App (Express, passport-oidc)

Good day.

Facing a strange issue that I can't resolve without help.
I am building an authorization module for an old NodeJS application. For some reasons I have to use the passport & passport-openidconnect npm modules.

This is the passport config; it works as expected:

const OidcStrategy = require('passport-openidconnect').Strategy;

passport.use('oidc', new OidcStrategy({
    issuer: issuer,
    authorizationURL: AUTHORIZATION_SERVICE + '/oauth2/default/v1/authorize',
    tokenURL: AUTHORIZATION_SERVICE + '/oauth2/default/v1/token',
    userInfoURL: AUTHORIZATION_SERVICE + '/oauth2/default/v1/userinfo',
    clientID: CLIENT_ID,
    clientSecret: CLIENT_SECRET,
    callbackURL: BASE_URL + ON_SIGN_IN,
    appBaseUrl: BASE_URL,
    scope: DEFAULT_SCOPE
}, (issuer, sub, profile, accessToken, refreshToken, done) => done(null, profile))); // verify callback: store the profile in the session

OK, the login process works fine, the user is stored in the passport session, and the application works as expected.

But when I try to log out with this express middleware:

const _clearSession = (req, res) => {
    req.logout();                                        // drop req.user / session.passport
    // express-session's destroy() is asynchronous, so redirect from its callback
    req.session.destroy(() => res.redirect(LOGIN_ROUTE));
};

despite the session being destroyed, the user somehow remains logged in to the Okta account, so instead of going to the Okta login form the user immediately sees the default page as an authorized user.

I also tried to log out with the /revoke endpoint:
https://{myOktaAppUrl}/oauth2/v1/revoke
with the params token hint, token, client id, client secret.
But it failed with the error "invalid_client".

Could someone help me to solve this issue?

Thanks in advance

Hi Oleg,

revoke won't be able to fix it for you, as it only revokes the token, but the problem is that the user's browser still has a session cookie with Okta; that's why they are able to immediately pass through the login process.

I'm not very familiar with passport and nodejs, but I'd recommend using the logout request instead, https://developer.okta.com/docs/reference/api/oidc/#logout, if you can't make passport work for you.

Thank you, phi1ipp. Will try to implement this way.
