Getting invalid client on /logout endpoint

We are getting an “invalid_client” error when we call the logout endpoint using a URL like https://{yourdomain}.okta.com/oauth2/default/v1/logout?id_token_hint={TOKEN}. We used the id_token (which we got from the /token endpoint) as the id_token_hint.

I am attaching the error response we got from the logout endpoint; please assist with it.

Interesting! Are you positive you are using the “default” (/oauth2/default) authorization server to log in?

Same here…
And I was logged in to the authorization server using the default one.

Hi @tyty, yes, I am using the default one.

@Okta Team, any updates regarding this issue?

Having the same issue. Used default authorization server.

We are eagerly looking for a solution to this; please provide an update.

The only time I’ve seen this error message is if the id_token_hint did not include a valid id_token.

Do you consistently encounter this error anytime you try to redirect to the logout endpoint with an id_token? Are you sure you are sending an id token in the request, not an access token?

Yes, we are getting this error whenever redirected to the logout endpoint with an id_token. Yes, we are sending the same id_token that we got from the token endpoint.

Since I have access to the logs for the failure you shared in your screenshot, I checked, and the token I see getting passed to the logout endpoint is an access token, not an id token (it contains a “scp” claim and the ‘jti’ claim starts with ‘AT’, which is how I can tell it's an access token). Details about the different claims that appear in each type of token are listed here: OpenID Connect & OAuth 2.0 API | Okta Developer.

Double check that you are sending an ID token (the ‘jti’ will start with ‘ID’) along to this endpoint.
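The check described in the reply above can be run locally before redirecting to /logout. This is an added example, not part of the original thread or Okta's code: the function names and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, so it is a diagnostic only.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_claims(token: str) -> dict:
    """Return the payload claims of a compact JWT WITHOUT verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def okta_token_kind(token: str) -> str:
    """Classify a token using the markers named in the thread (hypothetical helper)."""
    claims = jwt_claims(token)
    jti = str(claims.get("jti", ""))
    # Access token: 'jti' starts with 'AT' and a 'scp' claim is present.
    if jti.startswith("AT") or "scp" in claims:
        return "access_token"
    # ID token: 'jti' starts with 'ID'.
    if jti.startswith("ID"):
        return "id_token"
    return "unknown"


def check_id_token_hint(token: str) -> None:
    """Raise if the value about to be sent as id_token_hint is not an ID token."""
    kind = okta_token_kind(token)
    if kind != "id_token":
        raise ValueError(f"id_token_hint must be an ID token, got {kind}")


def _make_sample(claims: dict) -> str:
    # Constructed, unsigned sample token for the demo only.
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


SAMPLE_ACCESS = _make_sample({"jti": "AT.constructed-example", "scp": ["openid"]})
SAMPLE_ID = _make_sample({"jti": "ID.constructed-example", "sub": "00u-example"})

if __name__ == "__main__":
    for name, tok in (("access", SAMPLE_ACCESS), ("id", SAMPLE_ID)):
        print(name, "->", okta_token_kind(tok))
```

Calling `check_id_token_hint` on the value read from the token response catches the case where the `access_token` field was passed instead of `id_token`.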
