"Invalid value for 'client_id' parameter." On logout

Hello!

I’m using Django with mozilla-django-oidc to handle my openid connect authentication. This module allows me to specify a custom logout mechanism and I’m running into an issue where it throws a 400 Bad Request error when I try to use the custom logout url.

The URL looks like:

https://<my okta org>/oauth2/default/v1/logout?id_token_hint=<my csrf token>&post_logout_redirect_uri=<my post logout url>

Only this causes the 400 Bad Request error and throws up this error data:

|errorCode|invalid_client|
|---|---|
|errorSummary|Invalid value for 'client_id' parameter.|
|errorLink|invalid_client|
|errorId|oaeSst18EBASayc_PcZ4ibbBQ|
|errorCauses|[]|

What does the client id have to do with the logout URL? It’s not something that changes during the session at all (and I wouldn’t even be able to log in if the client id were incorrect anyway).

Any thoughts?

Are you sending the raw jwt ID Token as the id_token_hint in your /logout redirect?

That error usually crops up if the id token, which is the auth for this request, is missing or malformed.

Turns out I was not! I realized it just as I got your response. I was passing it the csrf token by accident. whoops.

Thanks!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.