How to close an Okta session from an RN mobile app without access to API token

Hello,

I am trying to close an Okta session from a mobile app (we have a web-based login process which we load inside a WebView, and the custom IdP sitting in front creates an Okta session).

For this purpose, I looked into this endpoint:
https://developer.okta.com/docs/reference/api/sessions/#close-current-session

curl -v -X DELETE \
-H "Accept: application/json" \
-H "Cookie: ${okta_session_cookie}" \
"https://${yourOktaDomain}/api/v1/sessions/me"

However, my request fails with this error code - so it is unable to find the endpoint
"errorCode":"E0000007","errorSummary":"Not found: Resource not found: me (Session)","errorLink":"E0000007","errorId":"oaeTXnnovDURSOJCDUqaAzVjQ","errorCauses":

  1. Which is the correct endpoint to use?
  2. Where can I get the session cookie to set in this request without having access to an API token (for the admin endpoints)?
  3. What should the cookie look like in the request? I have been trying to grab the JSESSIONID cookie from the /authorize call (making a guess) and setting it like:
    "Cookie":"JSESSIONID=B8FF753F5F0D8871D7F4F129251EFB7B"

Please let me know if any other information is required

Many thanks

The /sessions/me endpoint is used in the browser to end the user session that was created in that browser, so this should be the right endpoint to use. Because this is a browser request, cookies in the browser just need to be included when the request is made. The cookie in question is the one called ‘sid’ set on the Okta domain.

Examples for how to do this with our SDKs:
iOS
Android
React Native

Hi, thanks for your quick response.
So essentially you mean I cannot make an AJAX request to this endpoint to end the session?

I will have to find some way to load the URL in a browser or a WebView, I guess?
(I have tried this before and it seems to work with the logout endpoint, but I was hoping to have a way to do it by calling an endpoint)

You can make this via an AJAX request; you just need to make sure you include the cookies in the request. E.g.:

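// Close the current Okta session; credentials: "include" sends the Okta domain's cookies.
fetch('https://org.okta.com/api/v1/sessions/me', {method: 'DELETE', credentials: "include"})
.then((response) => {
    // Check the status instead of parsing JSON: a successful DELETE may return no body.
    if (!response.ok) {
        throw new Error('Session close failed: ' + response.status);
    }
})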
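An added example, not part of the original thread or of Okta's SDKs: one way to close the session and then confirm it is really gone, treating the 404 (E0000007) from the question as "no session matched the cookies sent". `closeOktaSession`, `makeFakeOkta` and `ORG_URL` are hypothetical names, the fake endpoint is constructed for offline runs, and the code assumes the client making the request holds the `sid` cookie for the Okta domain.

```javascript
// Added example: close the current Okta session and verify that it ended.
// ORG_URL is a placeholder; fetchImpl is injectable so the logic runs offline.
const ORG_URL = 'https://org.okta.com';

async function closeOktaSession(orgUrl = ORG_URL, fetchImpl = fetch) {
  const url = orgUrl + '/api/v1/sessions/me';
  // credentials: 'include' makes the client attach the 'sid' cookie.
  const del = await fetchImpl(url, { method: 'DELETE', credentials: 'include' });

  if (del.status === 404) {
    // Same E0000007 as in the question: no session matched the cookies sent.
    return { closed: false, reason: 'no-session' };
  }
  if (!del.ok) {
    return { closed: false, reason: 'http-' + del.status };
  }
  // Do not parse a body here: a successful close may return none.
  // Verify instead: reading the current session should now give 404.
  const check = await fetchImpl(url, { method: 'GET', credentials: 'include' });
  if (check.status === 404) {
    return { closed: true, reason: 'verified' };
  }
  return { closed: false, reason: 'session-still-active' };
}

// Constructed stand-in for the endpoint (not Okta code), for offline runs only.
function makeFakeOkta(hasSession, deleteWorks = true) {
  let active = hasSession;
  return async (url, opts) => {
    // Without cookies, or without a live session, nothing is found.
    if (opts.credentials !== 'include' || !active) {
      return { ok: false, status: 404 };
    }
    if (opts.method === 'DELETE') {
      if (deleteWorks) active = false;
      return { ok: true, status: 204 };
    }
    return { ok: true, status: 200 };
  };
}
```

A `session-still-active` result means the logout did not take effect and the app should not treat the user as signed out.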

Thank you for your explanation. I have gone with an alternative approach, will close this.
