https://********.okta.com/oauth2/default/v1/logout throws 400 error

While logging out from my web app, this API (https://*****.okta.com/oauth2/default/v1/logout) throws a 400 error even though I listed the sign-out redirect URI in the Okta portal.

Note: I am using MSAL for my web application to do login and logout actions.

This is the logout code snippet I am using in my application:


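import { IPublicClientApplication } from "@azure/msal-browser";

// idToken is not defined in this snippet; it is assumed to be set elsewhere in the application.
function handleLogout(instance: IPublicClientApplication) {
  // Make the first cached account the active one before logging out.
  instance.setActiveAccount(instance.getAllAccounts()[0]);
  instance
    .logoutRedirect({
      postLogoutRedirectUri: "/logout",
      idTokenHint: idToken,
    })
    .catch((e) => {
      console.error(e);
    });
}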


What’s the exact error you are seeing when /logout is invoked? Have you ensured that you are actually using the “Default” Custom Authorization Server to get tokens (e.g. calling https://OktaDomain.com/oauth2/default/v1/authorize)?

If you remove the post_logout_redirect_uri from your /logout request, do you still get the same error?


As Andrea mentioned, the exact error would help in narrowing down the issue, and it seems that you’re using the default authz server from the logout uri you mentioned, so you need to be using the same authz server to get tokens.

@andrea @Sherry I am getting from this API when signing in

After initiating logout, this API succeeds.

with idTokenHint, but still the Okta logout throws an error

So I can sign in to my application without credentials / the application opens with the previous user's credentials

Note: I am using Azure B2C Custom Policy

Hold up, you’re getting tokens from Microsoft, not Okta? Or are you getting tokens from both?

@andrea We are using a B2C custom policy in which we use multiple IdPs based on the customer, where Okta is one, and by using MSAL we authenticate in our React application. Here I am getting the token from Okta.

So it's the ID token from Okta that you’re sending to /logout? Can you share an example URL (with the token censored appropriately) that is encountering this 400?
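
The check the replies above are asking for can be run on the logout URL itself: an added example, not part of the thread and not Okta or MSAL code. It decodes the `iss` claim of `id_token_hint` and compares it with the authorization server that owns the `/v1/logout` endpoint, and compares `post_logout_redirect_uri` with the registered sign-out URIs. `checkLogoutUrl`, `makeSampleToken` and all hostnames are hypothetical, and exact-match comparison of the redirect URI is an assumption.

```javascript
// Added example. Sample values are constructed; example.okta.com is a placeholder.

// Decode a JWT payload WITHOUT verifying it (diagnostics only, never for auth).
function decodeJwtPayload(jwt) {
  const parts = jwt.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Hypothetical helper: returns findings for a logout URL; [] means none found.
// registeredUris: the sign-out redirect URIs listed for the app in Okta.
function checkLogoutUrl(logoutUrl, registeredUris) {
  const findings = [];
  const url = new URL(logoutUrl);
  const suffix = "/v1/logout";
  if (!url.pathname.endsWith(suffix)) return ["not a /v1/logout URL"];
  // Issuer of the authorization server that owns this endpoint:
  // custom server -> https://host/oauth2/<id>, org server -> https://host
  const base = url.pathname.slice(0, -suffix.length);
  const expectedIss = base === "/oauth2" ? url.origin : url.origin + base;

  const hint = url.searchParams.get("id_token_hint");
  if (hint) {
    try {
      const iss = decodeJwtPayload(hint).iss;
      if (iss !== expectedIss) {
        findings.push(`iss mismatch: token=${iss} endpoint=${expectedIss}`);
      }
    } catch (e) {
      findings.push("id_token_hint not decodable: " + e.message);
    }
  }
  const redirect = url.searchParams.get("post_logout_redirect_uri");
  if (redirect !== null && !registeredUris.includes(redirect)) {
    findings.push(`post_logout_redirect_uri not registered: ${redirect}`);
  }
  return findings;
}

// Constructed, unsigned sample token for trying the check offline.
function makeSampleToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none" })}.${enc(claims)}.sig`;
}
```

An `iss mismatch` finding means the token sent as the hint was issued by a different server than the one receiving the logout request, for example a token issued by the B2C tenant rather than by Okta.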