This week I’ve been trying to learn how to externally expire a specific users session with our Angular application. The main purpose of this was to troubleshoot a problem we’re having with expired sessions. However I found it impossible to actually accomplish this task.
To attempt to better understand the issue and simplify things, I created a basic new Angular app and added Okta auth support using the Okta schematics as described in the documentation. The result is extremely simple and only has a basic login button that redirects to a login form, once authenticated you are returned to the application and the “logout” button is visible. Dead simple and it works fine. I found that I couldn’t externally expire the session in the simple application either.
In both cases I could refresh the Angular application and I was still logged in. However, every time I use one of the above methods, it does log me out of the Okta Dashboard for my Okta developer domain. So those calls are doing something, but they don’t seem to be having an effect on my Angular applications…
Am I missing something here? Do I need to do something extra in the Angular configuration to ensure that it’s always validating the session? I’m pretty sure those Clear Session calls are working, but it doesn’t seem like the Angular app is honoring the state. I’m really stuck here and would really appreciate insight that anyone could provide,