Getting response 404 for OIDC Logout API call

Wrote custom code for logout functionality as Login initiated by App only.

LOGIN Configuration at Okta


Login redirect URIs : http://localhost:xxxx/ice

Logout redirect URIs : http://localhost:xxxx/ice/#/login

Login initiated by : App only

Initiate login URI : http://localhost:xxxx/ice

Getting this page after logout. Page getting logout from next time if i click on sign in using okta not redirecting to Okta for authentication.

And for logout used the url : https://dev-xxxxxxxx.okta.com/logout in my application. SSO implemented by OIDC.

- Page Not Found
            <script src="https://ok12static.oktacdn.com/assets/js/mvc/dll-common/dll.common.pack.8b078a70179c3025d5886ae18e26c728.js" crossorigin="anonymous" integrity="sha384-UjcwIO9r3xsVTlvL+/rlc8zIrl/nQoYm8i9IoaS/2I9gCQdTTDC6jQep8/x3jbqo" type="text/javascript"></script><script src="https://ok12static.oktacdn.com/assets/js/mvc/init-dll/main-init-dll.pack.40b602e77aa81c6e4824ee0d881edd3c.js" crossorigin="anonymous" integrity="sha384-vyLW6Bx7CSO60lXvtriJdOzEZcUgh+l5TLYEkYFo98av5UWOrBfTY+sFvkepcVho" type="text/javascript"></script><script src="https://ok12static.oktacdn.com/assets/js/saasure.nojquery.min.4e499154040d1c3af6b4c14db61775be.js" crossorigin="anonymous" integrity="sha384-sJXlBL4BfT8B1lLhhVRg8phjLN1Fegy/3LcykToibwAcSrHt38x1/LowA8I+4ZO3" type="text/javascript"></script><!--[if lt IE 9]><script src="https://ok12static.oktacdn.com/assets/enduser/js/vendor/css3-mediaqueries.fa295f0132f5335f352071ca3613a94a.js" crossorigin="anonymous" integrity="sha384-7pU2GSgyec3nzQMUNSuzanfJelP9UCOyHil0bOv+WnPKSS9lNA/tcxPyr7NV2w6c" type="text/javascript"></script><![endif]-->

Javascript is disabled on your browser.

Please enable Javascript and refresh this page to use Okta.

null
                    </div>
            </div>

            </div>

    <!--[if gte IE 8]>

<![if lte IE 10]>

<style>
.unsupported-browser-banner-wrap {
  padding: 20px;
  border: 1px solid #ddd;
  background-color: #f3fbff;
}
.unsupported-browser-banner-inner {
  position: relative;
  width: 735px;
  margin: 0 auto;
  text-align: left;
}
.unsupported-browser-banner-inner .icon {
  vertical-align: text-bottom;
  margin-right: 5px;
  display: inline-block;
  position: static !important;
}
.unsupported-browser-banner-inner a {
  text-decoration: underline;
}
</style>

<div class="unsupported-browser-banner-wrap">
  <div class="unsupported-browser-banner-inner">
    <span class="icon icon-16 icon-only warning-16-yellow"></span>You are using an unsupported browser. For the best experience, update to <a href="https://support.okta.com/help/s/article/Okta-Browser-and-OS-Support-Policy">a supported browser</a>.</div>
</div>

<![endif]>
<![endif]–>

404
404: Page Not Found

Page Not Found

We couldn't find the page you were looking for.

NONE

Hi there. Can you verify in your network tab that the format of your /logout call matches this?

GET https://{baseUrl}/logout?id_token_hint=${id_token}&post_logout_redirect_uri=${post_logout_redirect_uri}

More info here: Single Logout in applications | Okta

I am not sending the values for state and post_logout_redirect_uri as these 2 are optional, please let me know cale if i need to pass values for both of them ?

You are correct about those parameters being optional. If you are formatting it with /logout?id_token_hint=<id_token> then my guess is you are not sending the request to the auth server that granted the token.

Can you make sure your logout call is going to either

https://{youroktadomain}/oauth2/v1/logout

or

https://{youroktadomain}/oauth2/default/v1/logout

Or for option 2 - if you used another custom auth server instead of default.

The call should be made to the auth server that granted the token.

I am getting as below, do we need to certainly allow cookies for logout functionality ?

Any other alternative rather than allowing cookies ?

========================================================================

Javascript is disabled on your browser.&nbspPlease enable Javascript and refresh this page.

Refresh

Your OneDrive version is not supported

Upgrade now by installing the OneDrive for Business Next Generation Sync Client to login to Okta

Learn how to upgrade

Cookies are required

Cookies are disabled on your browser. Please enable Cookies and refresh this page.

Refresh

Powered by Okta

Privacy Policy

Well technically if you aren’t allowing ANY cookies then there’s no session to logout from =).

Keep in mind, calls to /logout do not revoke the id token passed in the hint - it kills the sid session cookie that is created when you login to Okta. If you are relying solely on tokens for a user’s session in your application, then you will need to manually clear the ID token out of wherever you have it stored locally.