Customization of sign-out redirect URI in .NET ASP.NET Core


First let me mention that this question has been asked a few times, but with no apparent resolution - which is why I am raising it again:

For reference, I’ve been using the instructions and sample MVC app provided here.

The instructions provide the steps when using the default callback routes i.e. Admin Console side:

  • Sign-in redirect URIs set to https://{host}:{port}/authorization-code/callback
  • Sign-out redirect URIs set to https://{host}:{port}/signout/callback

This requires no customization in the .NET code.

I am trying to change those to:

  • Sign-in redirect URIs set to https://{host}:{port}/auth/okta/signin
  • Sign-out redirect URIs set to https://{host}:{port}/auth/okta/signout

For the sign-in redirect, setting OktaMvcOptions.CallbackPath works perfectly:

   .AddOktaMvc(new OktaMvcOptions
      OktaDomain = Configuration.GetValue<string>("Okta:OktaDomain"),
      AuthorizationServerId = Configuration.GetValue<string>("Okta:AuthorizationServerId"),
      ClientId = Configuration.GetValue<string>("Okta:ClientId"),
      ClientSecret = Configuration.GetValue<string>("Okta:ClientSecret"),
      CallbackPath = "/auth/okta/signin",
      Scope = new List<string> { "openid", "profile", "email" },

For the sign-out, I have not been able to figure how to customize it. I’ve attempted to set OktaMvcOptions.PostLogoutRedirectUri to /auth/okta/signout (with or without the host prefixed), but this has no effect on the post_logout_redirect_uri query string parameter included in the request to, i.e. it remains post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A7129%2Fsignout%2Fcallback.
I’ve also tried the post configure change suggested in this issue but it has not worked either.

What’s the equivalent of setting OktaMvcOptions.CallbackPath in the case of signout customization?

Thank you!


From one of the links from @laura.rodriguez

So, as you mentioned, we use the default SignedOutCallbackPath provided by the ASP.NET, and allow devs to overwrite SignedOutRedirectUri by setting the PostLogoutRedirectUri property.

The PostLogoutRedirectUri would be used to set the URL the browser redirects to after the IdP redirects to the callback URL which is /signout/callback
If I understand correct you want to overwrite the URL the IdP redirects the browser to, which would be this.

Did this not work for you?

Make sure you are setting,

options.SignedOutCallbackPath = "/custom-sign-out-callback";

and not,

options. SignedOutRedirectUri = "/custom-sign-out-callback";
1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.