How do we logout from Okta?


#1

I have three jsp pages. 1) index.jsp 2) login.jsp 3) logout.jsp. I would like users to click on logout button on index.jsp and that would take the user to logout.jsp page. In logout.jsp page I have following code. I thought this would be the surest way to get logged out from the session and get the tokens. Is there an another way to achieve this?

<script type= “text/javascript” >
var oktaSignIn = new OktaSignIn({
   baseUrl : “<%=props.getBaseUrl()%>”,
   clientId : “<%=props.getClientId()%>”,
   authParams : {
   issuer : “<%=props.getIssuerUrl()%>”,
   responseType : [ ‘token’, ‘id_token’ ],
   display : ‘page’
}
});

function logout(){
   oktaSignIn.signOut(’/’);
   /reirect to login page
   self.location = “login.jsp”;
}
  //logout from the system
  logout();
</script>


#2

Are you looking to clear your web app’s session or end the SSO session?


#3

I have to do both. It is an IOS cordova app. I want to make sure that the authorization code is no longer valid so that rest api server would not validate logged out token. Also when user opens the login.jsp page from cordova in-app-browser, it should not auto login after user has logged out.


#4

For an SSO logout you would need to first clear your web app’s session (something like session.invalidate() or equivalent wrapper in the framework you are using). Then you would need to redirect to a logout page and use the widget’s sign out functionality.

Does that help?


#5

I am not using any framework other than OktaSignIn for authentication and token in session. I trap the access token from in-app-browser event listener and store it in JavaScript context. It is a SPA app other than these Okta authentication helper jsp pages. To make it simple let us do not worry about cordova and IOS. How do we logout in a simple app with jsp pages?. It is a simple 3 page app with index.jsp, login.jsp, logout.jsp. index.jsp should show login button when user has logged out, logout button otherwise.


#6

Hey @ddas72

I’m not following 100% here, so lets back up a little. You mentioned JSPs so I was assuming you were there was server side state (Servlet Session). Are you just using the JSPs to filter in config values into your script blocks? Are you tracking any state on server side (session cookie or equivalent?)

Why are you using multiple pages for your spa app? (Shouldn’t be an issue, just want to make sure it doesn’t effect any answers given)

What behavior are you seeing currently?


#7

I see. this is getting complicated to explain the scenario. I had explored 100s of forum posts here and at stackoverflow to get to what I have. I am going to post a new simpler question.