Facing CORS issue on redirect to Okta in logout API

I have integrated Spring WebFlux security with Okta OIDC login. I am able to log in successfully through the Okta tile or by hitting the application URL. But I am facing a CORS issue when I hit logout or when redirecting to the login page.

I have added the application URL in Okta’s Trusted Origin (in path Security -> API -> Trusted Origin) but no luck.

Are you using the /logout endpoint? It does not support CORS. You must redirect the browser to this endpoint to complete logout.


Ensure you have properly configured CORS in your Spring Security configuration. In a WebFlux application, this might involve explicitly allowing CORS requests in your security configuration class.

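import java.net.URI;
import java.util.Arrays;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.RedirectServerLogoutSuccessHandler;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.reactive.CorsConfigurationSource;
import org.springframework.web.cors.reactive.UrlBasedCorsConfigurationSource;

@Configuration // Required alongside @EnableWebFluxSecurity on Spring Security 6+
@EnableWebFluxSecurity
public class SecurityConfig {

    @Bean
    public SecurityWebFilterChain springSecurityFilterChain(ServerHttpSecurity http) {
        // WebFlux's LogoutSpec has no logoutSuccessUrl(); the redirect target is set on a success handler
        RedirectServerLogoutSuccessHandler logoutSuccessHandler = new RedirectServerLogoutSuccessHandler();
        logoutSuccessHandler.setLogoutSuccessUrl(URI.create("/"));

        http
            .cors().and() // Enable CORS and configure below
            .authorizeExchange()
            .pathMatchers("/logout", "/login").permitAll() // Double check these paths aren't authenticated
            .anyExchange().authenticated()
            .and().oauth2Login() // OAuth2 login configuration
            .and().logout().logoutUrl("/logout")
            .logoutSuccessHandler(logoutSuccessHandler); // Change to your required logout behaviour

        return http.build();
    }

    // Define the CORS configuration (reactive variants of the CORS source types)
    @Bean
    public CorsConfigurationSource corsConfigurationSource() {
        CorsConfiguration corsConfig = new CorsConfiguration();
        corsConfig.setAllowedOrigins(Arrays.asList("https://your-okta-domain.com", "http://localhost:3000"));
        corsConfig.setAllowedMethods(Arrays.asList("GET", "POST", "PUT", "DELETE", "OPTIONS"));
        corsConfig.setAllowedHeaders(Arrays.asList("Authorization", "Cache-Control", "Content-Type"));
        corsConfig.setAllowCredentials(true);

        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", corsConfig);
        return source;
    }

}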
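
On the first reply's point that the browser itself must be redirected to the logout endpoint: the sketch below is an added example, not code from this thread or from Okta, that has Spring Security answer the application's own /logout with a redirect to the provider's logout URL. It assumes Spring Security 5.3 or later with the OAuth2 client module, a client registration configured through the provider's issuer URI so the end-session endpoint is discovered, and that the browser reaches /logout by a form POST or full-page navigation rather than fetch/XHR; the class and method names are hypothetical.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.reactive.EnableWebFluxSecurity;
import org.springframework.security.config.web.server.ServerHttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.server.logout.OidcClientInitiatedServerLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.web.server.SecurityWebFilterChain;
import org.springframework.security.web.server.authentication.logout.ServerLogoutSuccessHandler;

// Added example: hypothetical class name, lambda-style configuration.
@Configuration
@EnableWebFluxSecurity
public class OidcLogoutConfig {

    @Bean
    public SecurityWebFilterChain oidcLogoutFilterChain(
            ServerHttpSecurity http, ReactiveClientRegistrationRepository clients) {
        http
            .authorizeExchange(exchange -> exchange.anyExchange().authenticated())
            .oauth2Login(Customizer.withDefaults())
            // After the local session is cleared, the response is a 302 to the
            // provider's logout URL. A top-level navigation follows it without
            // CORS checks; an XHR/fetch call following it is what gets blocked.
            .logout(logout -> logout
                .logoutUrl("/logout")
                .logoutSuccessHandler(oidcLogoutSuccessHandler(clients)));
        return http.build();
    }

    private ServerLogoutSuccessHandler oidcLogoutSuccessHandler(
            ReactiveClientRegistrationRepository clients) {
        // Builds the RP-initiated logout request (end_session_endpoint plus
        // id_token_hint) from the client registration's provider metadata.
        OidcClientInitiatedServerLogoutSuccessHandler handler =
            new OidcClientInitiatedServerLogoutSuccessHandler(clients);
        // Where the provider sends the browser afterwards; "{baseUrl}" expands
        // to this application's base URL and must be allowed by the provider.
        handler.setPostLogoutRedirectUri("{baseUrl}");
        return handler;
    }
}
```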
