Issue with Logout for Okta Integration

Hi,

I am doing an Okta integration for one of our ASP.NET Core web applications.

I have downloaded the sample ASP.NET Core project, and in it login and logout work fine with the Okta app.

Now I am trying to do this for my web app, and it is giving me this error message on logout (the login operation works fine):
{"errorCode":"invalid_client","errorSummary":"A client_id must be provided in the request.","errorLink":"invalid_client","errorId":"oaeYBEEEpdkSuGTpTO3cRGeMg","errorCauses":[]}

I tried to analyse it, and it is something to do with the idtoken not being passed on logout. I don't know how to configure this from startup.cs or from any configuration.

Below are my ConfigureServices and Configure methods. I am using Okta.AspNetCore package version 3.1.0, as used in the sample project.

    public void ConfigureServices(IServiceCollection services)
    {
        //services.AddDistributedMemoryCache(); // Adds a default in-memory implementation of IDistributedCache
        services.AddSession();
        services.AddHttpContextAccessor();
        services.AddSingleton<Helpers.RequestHandler>();
        // services.AddTransient<IUserSession, UserSession>();

        #region "api service"

        services.AddSingleton<TSClientQueries>();

        services.AddHttpClient<TSClient>("TSHttpClient",
            x => { x.BaseAddress = new Uri(Configuration["TSAPIConfiguration:BaseAddress"]); }
            ).AddPolicyHandler(GetRetryPolicy());

        services.AddSingleton<TSClientFactory>();

        #endregion

        #region "Cookie Authentication"

        services.ConfigureApplicationCookie(options =>
        {
            options.Cookie.HttpOnly = true;
            options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
        })
        .AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            //options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            options.LoginPath = "/Account/Login/";
            options.LogoutPath = "/Account/OktaSignOut";
        })
        .AddOktaMvc(new OktaMvcOptions
        {
            // Replace these values with your Okta configuration
            OktaDomain = Configuration.GetValue<string>("Okta:OktaDomain"),
            AuthorizationServerId = Configuration.GetValue<string>("Okta:AuthorizationServerId"),
            ClientId = Configuration.GetValue<string>("Okta:ClientId"),
            ClientSecret = Configuration.GetValue<string>("Okta:ClientSecret"),
            Scope = new List<string> { "openid", "profile", "email" },
        });

        #endregion

        services.AddControllersWithViews();
        //services.AddControllersWithViews(options =>
        //     options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute()));
        //.AddMvcOptions(options => options.Filters.Add(new AuthorizeFilter()));
        services.AddRazorPages();
    }

    // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
    public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
    {
        if (env.IsDevelopment())
        {
            app.UseDeveloperExceptionPage();
            // app.UseDatabaseErrorPage();
        }
        else
        {
            app.UseExceptionHandler("/Home/Error");
            
            app.UseHsts();
        }
        app.UseHttpsRedirection();
        
        //app.UseDefaultFiles();
        app.UseStaticFiles();

        app.UseRouting();
        
        
        app.UseAuthentication();
        app.UseAuthorization();
        app.UseSession();
        //AppContext.Configure(app.ApplicationServices.GetRequiredService<IHttpContextAccessor>());
        app.UseEndpoints(endpoints =>
        {
            endpoints.MapControllerRoute(
                name: "default",
                pattern: "{controller=Home}/{action=Index}/{id?}");
            endpoints.MapRazorPages();
            endpoints.MapControllers();
            
        });
        

        SelfServiceBusinessLogic.Helpers.AppContext.Configure(app.ApplicationServices.GetRequiredService<IHttpContextAccessor>());

    }

The logout action is as below:

    public IActionResult OktaSignOut()
    {
        return new SignOutResult(
            new[]
            {
                OktaDefaults.MvcAuthenticationScheme,
                CookieAuthenticationDefaults.AuthenticationScheme,
            },
            new AuthenticationProperties { RedirectUri = "Home/" });
    }

Any help with this is much appreciated. I am stuck on this issue with the Okta integration.

Thanks,
Pratik

Hi there! Are you able to confirm whether or not you are passing the id_token_hint param on logout? That is typically the issue here.

Here are a couple threads that may be of use:

Thanks for your response.

I have gone through these links for a solution to my problem. My problem is that the base source which I got from the Okta samples is different from the code sample shown in this solution.

I actually downloaded the source code for my integration from this link, GitHub - okta/samples-aspnetcore: samples-aspnetcore, and in these samples all the settings have been done in the ConfigureServices method, with no place to put this code for notifications or to use the UseOpenIdConnectAuthentication method.

I also checked the samples with the version 2.x source code; they are the same.

I have given my ConfigureServices and Configure methods, but I am not sure where to add the code given in these solutions.

Any help with this is much appreciated. I am stuck on this issue with the Okta integration.

Thanks,
Pratik

This issue is resolved now. I was setting up some extra session claim values, which was messing up the Okta session values. The issue was resolved after I removed that code.
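
An added example, not part of this thread or of the Okta samples: a logout action that checks for the saved `id_token` before redirecting to Okta, and a helper that adds a claim while keeping the tokens stored in the auth cookie. It assumes the tokens are saved in the cookie ticket at sign-in; `AddClaimAsync`, the `/Home/` redirect and the `Home/Index` fallback are hypothetical names chosen for illustration.

```csharp
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Okta.AspNetCore;

public class AccountController : Controller
{
    private const string Cookie = CookieAuthenticationDefaults.AuthenticationScheme;

    // Hypothetical helper: add an app-specific claim without losing the saved tokens.
    // Passing the existing AuthenticationProperties back to SignInAsync keeps the
    // id_token stored in the cookie ticket; signing in with fresh properties drops it.
    public static async Task AddClaimAsync(HttpContext http, Claim extra)
    {
        var current = await http.AuthenticateAsync(Cookie);
        if (!current.Succeeded) return;

        var principal = current.Principal.Clone();
        ((ClaimsIdentity)principal.Identity).AddClaim(extra);
        await http.SignInAsync(Cookie, principal, current.Properties);
    }

    public async Task<IActionResult> OktaSignOut()
    {
        // The OpenID Connect handler fills id_token_hint from this saved token.
        var idToken = await HttpContext.GetTokenAsync(Cookie, "id_token");
        if (string.IsNullOrEmpty(idToken))
        {
            // No hint to send: end only the local session instead of redirecting
            // to Okta with a logout request it will reject.
            await HttpContext.SignOutAsync(Cookie);
            return RedirectToAction("Index", "Home");
        }

        return new SignOutResult(
            new[] { OktaDefaults.MvcAuthenticationScheme, Cookie },
            new AuthenticationProperties { RedirectUri = "/Home/" });
    }
}
```

The local-only branch leaves the Okta session active, so treat it as a fallback and log when it is taken.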
