CORS issue on logout

Hello there,
I have an application built in .NET Core as a REST API as the backend technology and Angular 7 on the client side, wherein I have implemented Okta using OpenIdConnect for SSO. I am able to log in to the application by returning ChallengeResult, though I am facing a CORS issue while signing out of the application. Below is the screenshot in which you can see the endpoint used for signing out the user.

Also, I have attached the CORS configuration added for the application.

And below is the problem I get in the network tab if I use the signout endpoint.

Hope someone can help me with this.

The /logout endpoint does not support CORS. You must redirect the browser to this endpoint to complete logout.


@andrea Thanks for the quick response, though I think we are trying to do the same. You can see my signOut method in the first screenshot. I have another sample application built in .NET Core web app and it seems to be working fine; the only difference I can see in the URL after returning SignoutResult is that I cannot see id_token_hint in my original application's request.

https://dev-37072078.okta.com/oauth2/v1/logout?post_logout_redirect_uri=https://localhost:44339/signout-callback-oidc&state=CfDJ8EaoT66VSRtHvLfbCKwZHB0TAPu75P2LqM14hJKRjHizGI4GTvFkpRERTf5-JGBAbF5ovEN4IBBVPn8UwGj2s682BWNm7wTI-qfgrvkEvATn9xeGV1Kx0FAL9U8GJjWpajbBlgMVlkSms4FhNm49alU&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.6.0.0

If the id_token_hint is not getting passed to the /logout endpoint, logout will not work. This must be present to end the user’s session in Okta.


Thank you very much. As I am getting a CORS issue on returning SignoutResult, I will create the URL dynamically and change the current URL to the logout URL on click of logout. Hope the logout URL for Okta won’t change that often.

It shouldn’t, but if you’re ever unsure of the /logout URL, you can find all the OIDC endpoints for your auth server by going to the well-known endpoint: issuer/.well-known/openid-configuration

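The redirect-based logout discussed in this thread, as an added example that is not part of any post and not Okta's own code: it reads the logout URL from the discovery document's `end_session_endpoint`, refuses to build it without `id_token_hint`, and navigates the browser there instead of issuing an XHR. The `sampleDiscovery` object, the `example.okta.test` host and the function names are constructed for illustration, and the same-origin check on the endpoint is an assumption of this example rather than an OIDC requirement.

```javascript
// Constructed sample of the two discovery fields this example needs; in an app
// this object comes from GET {issuer}/.well-known/openid-configuration.
const sampleDiscovery = {
  issuer: "https://example.okta.test",
  end_session_endpoint: "https://example.okta.test/oauth2/v1/logout",
};

// Build the logout URL. Throws instead of returning a URL that would not end
// the session or that would send the ID token somewhere unexpected.
function buildLogoutUrl(discovery, { idToken, postLogoutRedirectUri, state }) {
  if (!discovery || !discovery.end_session_endpoint) {
    throw new Error("discovery document has no end_session_endpoint");
  }
  const endpoint = new URL(discovery.end_session_endpoint);
  // Assumption of this example: the endpoint must be HTTPS and on the
  // issuer's origin before the ID token is attached to it.
  if (endpoint.protocol !== "https:" ||
      endpoint.origin !== new URL(discovery.issuer).origin) {
    throw new Error("end_session_endpoint is not HTTPS on the issuer origin");
  }
  // As stated in the thread: without id_token_hint, logout will not work.
  if (!idToken) {
    throw new Error("id_token_hint is required for logout");
  }
  endpoint.searchParams.set("id_token_hint", idToken);
  if (postLogoutRedirectUri) {
    endpoint.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  }
  if (state) {
    endpoint.searchParams.set("state", state);
  }
  return endpoint.toString();
}

// Top-level navigation, not fetch/XHR: the /logout endpoint does not support
// CORS. In the browser, pass (url) => window.location.assign(url).
function logout(discovery, session, navigate) {
  const url = buildLogoutUrl(discovery, session);
  navigate(url);
  return url;
}
```
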
