Is it possible to do force logout without id_token_hint

Hi OKTA Team,
I have one scenarion when multiple user are logging-in on same browser causes singout not working correctly if in case there is some error during signout, in this is it possible to do force-logout of current user session or last logged-in session on same browser instance without Id_token?
OR in case it is not possible , any workaround to clear login session?

Please help me out here.
Thanks in advance !

Hello,
The correct way to logout of an OIDC application in Okta is to use the /logout endpoint of the authorization server the application used to /authorize into. This does require the id_token in order to know the OIDC client that was used.

If you are mostly concerned with removing the Okta session cookie stored in the browser, then you could use the same logout endpoint as when a user logs out of the Okta dashboard.

https://{domain}.okta.com/login/signout?fromURI=http://localhost:3001

The fromURI (a non supported parameter) will allow you to redirect the browser to any endpoint you have setup in the trusted origins with redirect capabilities.

At anytime the fromURI parameter may stop working, and is not an officially supported parameter. Your application should be setup in a way so that is can correctly call the authorization servers /logout endpoint with the id_token.

1 Like