If I click ‘Log out’ and then ‘Log in’ again, I am not asked for my username & password again and I’m logged straight in.
How can I ensure that the user is fully logged out and will be required to enter username/password when they log in the second time?
Are you using a particular language or framework to develop your app?
Yes, sorry, forgot to mention it.
I am using Flask and Python
If you pass an ID token and an after logout redirect URI to /logout, it should work. You might have to do a redirect on the client side. For example, here’s how I’ve implemented it in Angular - where the /logout endpoint in my app returns an ID token and redirect URI.
this.authServerProvider.logout().subscribe((logout: Logout) => {
let logoutUrl = logout.logoutUrl;
const redirectUri = `${location.origin}${this.location.prepareExternalUrl('/')}`;
logoutUrl = logoutUrl + '?id_token_hint=' + logout.idToken + '&post_logout_redirect_uri=' + redirectUri;
window.location.href = logoutUrl;
});
Thank you, but it still not that clear for me…
Do you have an example with Flask maybe?
Thanks a lot!
Hi,
You need to logout from the okta portal also for now your user is just getting logged out of your application and not from the okta portal you can check something for SLO in the OKTA
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.