Getting response 404 for OIDC Logout API call

Wrote custom code for logout functionality as Login initiated by App only.

LOGIN Configuration at Okta


Login redirect URIs : http://localhost:xxxx/ice

Logout redirect URIs : http://localhost:xxxx/ice/#/login

Login initiated by : App only

Initiate login URI : http://localhost:xxxx/ice

Getting this page after logout. Page getting logout from next time if I click on sign in using Okta not redirecting to Okta for authentication.

And for logout used the url : https://dev-xxxxxxxx.okta.com/logout in my application. SSO implemented by OIDC.

404: Page Not Found

Page Not Found

We couldn't find the page you were looking for.


Hi there. Can you verify in your network tab that the format of your /logout call matches this?

GET https://{baseUrl}/logout?id_token_hint=${id_token}&post_logout_redirect_uri=${post_logout_redirect_uri}

More info here: Single Logout in applications | Okta

I am not sending the values for state and post_logout_redirect_uri as these 2 are optional, please let me know, cale, if I need to pass values for both of them?

You are correct about those parameters being optional. If you are formatting it with /logout?id_token_hint=<id_token> then my guess is you are not sending the request to the auth server that granted the token.

Can you make sure your logout call is going to either

https://{youroktadomain}/oauth2/v1/logout

or

https://{youroktadomain}/oauth2/default/v1/logout

Or for option 2 - if you used another custom auth server instead of default.

The call should be made to the auth server that granted the token.

I am getting as below, do we need to certainly allow cookies for logout functionality?

Any other alternative rather than allowing cookies?

========================================================================

Javascript is disabled on your browser. Please enable Javascript and refresh this page.


Cookies are required

Cookies are disabled on your browser. Please enable Cookies and refresh this page.


Well technically if you aren’t allowing ANY cookies then there’s no session to logout from =).

Keep in mind, calls to /logout do not revoke the id token passed in the hint - it kills the sid session cookie that is created when you login to Okta. If you are relying solely on tokens for a user’s session in your application, then you will need to manually clear the ID token out of wherever you have it stored locally.
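
The two points from the replies above (send the logout call to the authorization server that granted the token, and clear locally stored tokens yourself), as an added example that is not part of the original thread or Okta's own code. The function names, storage keys and the `example.okta.com` issuer are assumptions made for illustration; the endpoint paths are the two given in the thread.

```javascript
// Added example; helper names and storage keys are hypothetical.

// Read the JWT payload WITHOUT verifying it. Used only to find `iss` so the
// logout call is routed correctly; never authorize on unverified claims.
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
}

// Map the token's issuer to the logout endpoint of the same auth server.
function logoutEndpointFor(issuer) {
  const iss = new URL(issuer);
  if (iss.protocol !== "https:") throw new Error("issuer must be https");
  const path = iss.pathname.replace(/\/+$/, "");
  // Org authorization server: issuer is the bare Okta domain.
  if (path === "") return `${iss.origin}/oauth2/v1/logout`;
  // Custom authorization server (including "default"): /oauth2/{id}.
  if (/^\/oauth2\/[^/]+$/.test(path)) return `${iss.origin}${path}/v1/logout`;
  throw new Error("unrecognised issuer path: " + path);
}

function buildLogoutUrl(idToken, postLogoutRedirectUri, state) {
  const url = new URL(logoutEndpointFor(decodeJwtPayload(idToken).iss));
  url.searchParams.set("id_token_hint", idToken);
  // searchParams percent-encodes the value. A redirect URI with a hash route
  // (".../#/login") would otherwise end the query string at the '#'.
  if (postLogoutRedirectUri) {
    url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  }
  if (state) url.searchParams.set("state", state);
  return url.toString();
}

// /logout ends the Okta session only; tokens held by the app must be removed.
function clearLocalTokens(storage, keys = ["id_token", "access_token"]) {
  for (const key of keys) storage.removeItem(key);
}

// Constructed, unsigned sample token for trying the functions offline.
function makeSampleToken(iss) {
  const enc = (obj) => btoa(JSON.stringify(obj))
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256" })}.${enc({ iss, sub: "user-1" })}.c2ln`;
}
```

In a browser, call `clearLocalTokens(sessionStorage)` (or whichever store holds the tokens) before assigning the result of `buildLogoutUrl(...)` to `window.location`.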

I’m facing a similar problem, as mentioned in this thread. I grabbed the session token to pass it in the state parameter. Step 1 is to post a curl request to the authn server; Step 2 is to post to the authorize server and to get the code and state back. However, I’m getting “javascript is not enabled in your browser, please enable javascript and try again”. Perhaps, I’m wondering if I should post a curl request again from the terminal, to circumvent this issue. Redirect URI and the state value are present in the global variables. Is this a Postman issue?

curl -v -X POST \
-H "Accept: application/json" \
-H "Content-Type: application/json" \
-d '{
  "username": "******",
  "password": "*******",
  "options": {
    "multiOptionalFactorEnroll": false,
    "warnBeforePasswordExpired": false
  }
}' "https://domain/api/v1/authn"

step2:
{{url}}/oauth2/v1/authorize?client_id={{clientId}}&response_type=code&response_mode=form_post&scope={{scopes}}&redirect_uri={{redirectUri}}&state={{state}}

yet another URL: Custom Authorization Server
{{url}}/oauth2//v1/authorize?client_id={{clientId}}&response_type=code&response_mode=form_post&scope={{scopes}}&redirect_uri=http://localhost:8080&state=

javascript_is_disabled
