When clearing remote session of okta using /logout endpoint, it is not removing all the active sessions for the user.
Endpoint I used
${issuer}/oauth2/v1/logout?id_token_hint=${idToken}`
user A has logged in to 2 applications secured by Okta using single sign on feature. Now, IF user A do logout from one application, he should be logged out from both.
Can you please help to find out way to clear all the active session in okta?
Thank you
Sorry didn’t get your point. How this redirect will help?
i have gone through this
https://developer.okta.com/docs/guides/sign-users-out/react/sign-out-of-okta/
but it didn’t help me out
Ok, so let me take it back and ask you first:
The logout endpoint will only end the user’s session within the same browser they are redirected.
If you are looking to end sessions across other browsers, you can make a back-end call to the Users endpoint to delete all of a given user’s active sessions, including the option to revoke all issued access and refresh tokens.
In the documentation, there is a note that says it does not apply for web sign-in. So don’t end sessions across other browsers, correct? If it is correct, is there another way to do this?
" Note: This operation doesn’t clear the sessions created for web sign in or native applications."
I also faced the problem. When I logout SLO, it was logout, but when I login , it still login from session. how should I do it?
This is an old thread but deserves an answer:
Currently the API does not offer a way to list all the sessions a user may have open. There are two ways that can clear all the user’s sessions though:
The easy but ugly way is to use the API to suspend and then un-suspend the user. Suspending a user clears all their sessions.
The elegant but hard way is to crawl the system log and find the open session ids for the user and then call the sessions API to DELETE them.