I am using OKTA for OIDC Application. Login functionality of it is working fine.
But When i try to logout my OIDC application then i get an error in from OKTA side.
“end_session_endpoint”:“{host}/oauth2/{client}/v1/logout”
Application is retuning below error:
unable to download logout page.
What’s the value of your {client} variable? Is it the authorization server id? Because that’s what it should be, e.g. https://org.okta.com/oauth2/aus1234567890/v1/logout
Yes its similar to “https://org.okta.com/oauth2/aus1234567890/v1/logout”.
Is your application attempting to redirect to the /logout endpoint? Is it including the id token in the query parameters for this request (as the id_token_hint param)?
yes it is.
https:/{host}/oauth2/aus12…/v1/logout?id_token_hint=ey…
… I don’t understand the cause of this error. Why does it seem like the browser is attempting to download a file? Are you doing a browser redirect to the /logout endpoint?
I am just launching the logout page in browser so that it can logout properly.
Is logout functionality of OKTA works properly?
If yes do you have any sample application
We have several sample applications in various languages/frameworks, which you can find on Github: Okta, Inc · GitHub
All of these sample applications are OIDC applications that support login and logout
Do you know any configuration at server setup side, which stops the session logout operation?
Like i have tried with couple of ways, but with all we are not able to logout properly. It seems like there is some configuration which is retaining the session , even after logout.
are you attempting to complete the logout server-side? Are you or are you not redirecting to the /logout endpoint?
I have redirected it to /logout endpoint.
And how does the session persistence look after this /logout redirect? If the user navigates to Okta in another tab, are they still logged into Okta? Are you removing the session information from your application as well (clearing cookies/tokens)?