Issues with Keycloak integration (OIDC)

I have integrated Okta as an IdP in Keycloak. I am facing two issues with the integration:

  1. When the user logs in for the first time, a new user is created in Keycloak with appropriate roles. But for the subsequent logins, all the mapped roles get deleted from the Keycloak user. Even if I add roles to the user manually from Keycloak, as soon as the user logs in using Okta, the roles are removed from the user’s profile.
  2. When logging out, I see the following error in the browser if I log out after the token expires:
{"errorCode":"invalid_client","errorSummary":"A client_id must be provided in the request.","errorLink":"invalid_client","errorId":"oaevKZNtJFrRjqTZ_wCOsx6lA","errorCauses":[]}

One question - “When the user logs in for the first time” - do you mean logs in to Okta or Keycloak, and with which account?

The user is logging in with Okta. Our application uses Keycloak, and we have added Okta as an IdP in Keycloak.