CORS issue on logout

shripadgodse · March 8, 2022, 2:27pm

Hello there,
I have application build in .Net Core as rest api as backend technology and Angular 7 as client side, wherein i have implemented Okta using OpenIdConnect for SSO. I am able to login into application by returning ChallengeResult, though facing CORS issue while signing out of the application. Below is the screenshot in which you can see the end point used for signing out the user.

Also i have attached the CORS configuration added for the application.

And below is the problem i get in network tab if used signout end point.

Hope someone could help me in the same.

andrea · March 8, 2022, 4:19pm

The /logout endpoint does not support CORS. You must redirect the browser to this endpoint to complete logout.

shripadgodse · March 9, 2022, 6:43am

@andrea Thanks for the quick response, though i think we are trying to do the same. You can see my singOut method in first screenshot. I have another sample application buil in .Net core web app and it seems working fine, the only difference i can see in URL after return SingoutResult is i cannot see id_token_hint in my original applications request.

https://dev-37072078.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https://localhost:44339/signout-callback-oidc&state=CfDJ8EaoT66VSRtHvLfbCKwZHB0TAPu75P2LqM14hJKRjHizGI4GTvFkpRERTf5-JGBAbF5ovEN4IBBVPn8UwGj2s682BWNm7wTI-qfgrvkEvATn9xeGV1Kx0FAL9U8GJjWpajbBlgMVlkSms4FhNm49alU&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.6.0.0

andrea · March 9, 2022, 4:39pm

If the id_token_hint is not getting passed to the /logout endpoint, logout will not work. This must be present to end the user’s session in Okta.

shripadgodse · March 10, 2022, 9:20am

Thank you very much. As i am getting CORS issue on returning SignoutResult, i will create url dynamically and change current url to logout url on click of logout. Hope logout URL for Okta won’t change that often.

andrea · March 10, 2022, 7:28pm

It shouldn’t, but if you’re ever unsure of the /logout url, you can find all the OIDC endpoints for your auth server by going to the well-known endpoint: issuer/.well-known/openid-configuration

system · March 11, 2022, 7:28pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Asp.Net OpenID Logout Issues OAuth/OIDC dotnet	9	12352	February 10, 2024
CORS issue when trying to logout API (OIDC) Questions	3	3561	November 6, 2020
Facing CORS issue on redirect to okta in logout api OAuth/OIDC	3	1334	February 2, 2024
CORS error while calling OKTA logout API Questions	4	7128	November 6, 2020
PostLogoutRedirectUri callback not configurable OAuth/OIDC dotnet	4	229	September 16, 2024

CORS issue on logout

Related topics