Https://********.okta.com/oauth2/default/v1/logout throws 400 error

ArunKumar · May 13, 2023, 6:10am

While logging out from my web app this Api (https://*****.okta.com/oauth2/default/v1/logout) throws 400 error even though i listed the redirect sign-out uri in okta portal

Note: i am using MSAL for my web application to do login and logout actions.

this the logout code snippet i am using in my application

andrea · May 15, 2023, 9:52pm

What’s the exact error you are seeing when /logout is invoked? Have you ensured that you are actually using the “Default” Custom Authorization Server to get tokens (e.g. calling https://OktaDomain.com/oauth2/default/v1/authorize)?

If you remove the post_logout_redirect_uri from your /logout request, do you still get the same error?

Sherry · May 16, 2023, 5:49pm

As Andrea mentioned, the exact error would help in narrowing down the issue, and it seems that you’re using the default authz server from the logout uri you mentioned, so you need to be using the same authz server to get tokens.

ArunKumar · May 17, 2023, 7:17am

@andrea @Sherry I am getting from this Api when signing in

After initiating logout this Api get succeeded.

with idTokenHint but still the Okta Logout throws error

So i can sign in into my application without credential’s / application open with previous user credential

Note: I am Using Azure B2C Custom Policy

andrea · May 17, 2023, 3:22pm

Hold up, you’re getting tokens from Microsoft, not Okta? Or are you getting tokens from both?

ArunKumar · May 18, 2023, 6:54am

@andrea We are using B2C custom policy in which we are using multiple IDP based on customer’s. were OKTA is one, and by using MSAL, we authenticate in our React application. here i am getting the token from OKTA

andrea · August 7, 2023, 3:22pm

So its the ID token from Okta that you’re sending to /logout? Can you share an example URL (with the token censored appropriately) that is encountering this 400?