[Laravel] Logout User with OpenID

I find myself stuck and in need of a little help.

I’m integrating Okta into a Laravel 8 application, however, while the /logout route will end the local user session, they are automatically logged in again with the Okta service.

I’m using Laravel 8 with the socialite-Okta service provider. Logging in works great, I’m just not able to logout successfully.

I’ve even tried adding an HTTP request to the logout function in the Auth/Login controller to kill the token session, both with the logout and revoke endpoints, but no luck there either.

Has anyone had any luck handling a successful Okta logout in a Laravel app?

Thank you!!!

@Kburkhart,

Do you know if Laravel calls the /logout endpoint of Okta?

This endpoint takes an ID token and logs the user out of Okta if the subject matches the current Okta session.

Can you elaborate:

  1. Where should the ID token come from? Is this the same token that is given when a user logs into Okta?
  2. What is "subject" in the context of "if the subject matches"?
  3. Is the Okta session the same as the sid? And if so, should the sid be saved and shown in the Application tab of a Google Chrome browser?

Thank you.

  1. id_token_hint value is the raw JWT string for the ID token issued during user login
  2. the subject is the user. So if the user that is currently logged into Okta on the browser matches the id token sent to the logout endpoint, then the call will succeed. Aka, you cannot use the logout endpoint in a different browser than the one the user is currently logged in on, this endpoint is used to remove the Okta session cookie and won’t work otherwise
  3. the ‘sid’ cookie represents the Okta session, yes. Once logout is called and succeeds, you will no longer see the “sid” cookie on the Okta domain (until the user logs into Okta again)
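The answer above implies the logout call has to be a browser redirect carrying `id_token_hint`, since a server-side HTTP request never presents the browser's Okta `sid` cookie. A Laravel 8 controller doing that, as an added example that is not code from any poster in this thread; the session keys `okta_id_token` and `okta_logout_state`, the route names `home` and `logout.callback`, and the `services.okta.base_url` config key are assumptions.

```php
<?php
// Added example. Assumes the login callback stored the raw ID token JWT in the
// session under 'okta_id_token' (hypothetical key), and that the route
// 'logout.callback' is registered in Okta as a sign-out redirect URI.

namespace App\Http\Controllers\Auth;

use App\Http\Controllers\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Str;

class OktaLogoutController extends Controller
{
    public function logout(Request $request)
    {
        // Read the ID token before the local session is destroyed.
        $idToken = $request->session()->get('okta_id_token');

        Auth::logout();
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        if (! $idToken) {
            // Nothing to present to Okta: only the local logout happened.
            return redirect()->route('home');
        }

        // Random state, stored in the fresh session and checked on return.
        $state = Str::random(40);
        $request->session()->put('okta_logout_state', $state);

        // Path must belong to the authorization server that issued the token
        // (/oauth2/v1/logout is the org server; custom servers differ).
        $url = rtrim(config('services.okta.base_url'), '/') . '/oauth2/v1/logout?'
            . http_build_query([
                'id_token_hint' => $idToken,
                'post_logout_redirect_uri' => route('logout.callback'),
                'state' => $state,
            ]);

        // Browser redirect, so the request reaches Okta with the sid cookie.
        return redirect()->away($url);
    }

    public function callback(Request $request)
    {
        $expected = $request->session()->pull('okta_logout_state');
        abort_unless(is_string($expected) && hash_equals($expected, (string) $request->query('state')), 400);
        return redirect()->route('home');
    }
}
```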
