How to sign user out from application

Hi,

I want to sign a user out of the application. I tried Revoke all User Sessions using this API https://{yourOktaDomain}/api/v1/users/{userId}/sessions. But it didn’t sign the user out of the application. How can I sign the user out?

Hey, are you using Auth0?

I am using OAuth2, and I use okta-signin-widget (GitHub: okta/okta-signin-widget) on the front end.

There are three things you normally want to do when logging a user out:

  • Revoke their tokens
  • End their Application Session
  • (optional, but common for enterprise integration) End their IdP session

The requests you listed only address the first and the last items in the list, but I’m guessing you haven’t yet cleared the user’s application session, which is why they are still considered authenticated.

Since you’re already using the widget, I would highly recommend using AuthJS’s (a library that the Widget is built upon) signOut method. You’ll see that this method handles the requests you’re making, while also clearing the tokens from storage.
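The three steps from the list above, laid out as an added example that is not part of the thread and is not Okta's or AuthJS's code. It assumes the standard `/v1/revoke` and `/v1/logout` endpoints of an Okta authorization server; the org URL, client ID, storage keys and token values are constructed placeholders.

```javascript
// Added example, not Okta or AuthJS code; all URLs, IDs and tokens are constructed.
const config = {
  issuer: 'https://example.okta.com/oauth2/default',
  clientId: '0oaEXAMPLE',
  postLogoutRedirectUri: 'https://app.example.com/signed-out',
};

// Step 1: one revocation request per token the app holds.
function revokeRequests(cfg, tokens) {
  return ['accessToken', 'refreshToken']
    .filter((k) => tokens[k])
    .map((k) => ({
      method: 'POST',
      url: `${cfg.issuer}/v1/revoke`,
      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
      body: new URLSearchParams({
        token: tokens[k],
        token_type_hint: k === 'accessToken' ? 'access_token' : 'refresh_token',
        client_id: cfg.clientId,
      }).toString(),
    }));
}

// Step 3: OIDC logout URL that ends the IdP session in the browser.
function idpLogoutUrl(cfg, idToken, state) {
  const url = new URL(`${cfg.issuer}/v1/logout`);
  url.searchParams.set('id_token_hint', idToken);
  url.searchParams.set('post_logout_redirect_uri', cfg.postLogoutRedirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// Builds the whole plan. Tokens are read before storage is cleared, because
// revocation and the id_token_hint both need them.
function planSignOut(cfg, storage, state) {
  const tokens = JSON.parse(storage.get('tokens') || '{}');
  const plan = {
    revoke: revokeRequests(cfg, tokens),
    redirect: tokens.idToken
      ? idpLogoutUrl(cfg, tokens.idToken, state)
      : cfg.postLogoutRedirectUri,
  };
  storage.delete('tokens'); // Step 2: end the application session
  storage.delete('appSession');
  return plan;
}

// Constructed stand-in for localStorage or a server-side session store.
const demo = new Map([['tokens', '{"accessToken":"at.s","idToken":"id.s"}'], ['appSession', 's1']]);
console.log(planSignOut(config, demo, 'st-1'), demo.size);
```

If the application session is cleared first, the ID token is gone and the IdP logout request can no longer carry `id_token_hint`, so the order inside `planSignOut` matters.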

Thank you for discussing this.