I’m using Django with mozilla-django-oidc to handle my openid connect authentication. This module allows me to specify a custom logout mechanism and I’m running into an issue where it throws a 400 Bad Request error when I try to use the custom logout url.
The URL looks like:
https://<my okta org>/oauth2/default/v1/logout?id_token_hint=<my csrf token>&post_logout_redirect_uri=<my post logout url>
Only this causes the 400 Bad Request error and throws up this error data:
|errorCode|invalid_client| |---|---| |errorSummary|Invalid value for 'client_id' parameter.| |errorLink|invalid_client| |errorId|oaeSst18EBASayc_PcZ4ibbBQ| |errorCauses||
What does the client id have to do with the logout URL? It’s not something that changes during the session at all (and I wouldn’t even be able to log in if the client id were incorrect anyway).