I’m using Okta to handle the user authentication for a Flask app, more or less adapting this tutorial to my needs:
It all works great, except for the logout functionality. When I call oidc.logout(), my understanding is that it removes the local authentication token, but the server-side token stays, so users never really get logged out (if they click login, they go back in without reauthentication; this isn’t the desired behaviour).
As per the documentation here (https://developer.okta.com/docs/api/resources/oidc/#logout), it says that I need to request the logout URL with an id_token_hint. What exactly goes in this id_token_hint= field?
The only id_token I’m familiar with is the whole JWT ‘oidc_id_token’ with a bunch of sub fields like jti, iss, idp etc. Is one of those fields what is being referred to as the “id_token_hint” needed to log out on the server side via the API?
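
An added example, not part of the original post or the Okta documentation: in OpenID Connect RP-initiated logout, `id_token_hint` carries the whole encoded ID token exactly as the authorization server issued it (header.payload.signature), not a single claim such as `jti`. The sketch below builds the logout URL and rejects a value that is not a full JWT or was issued by another server. The issuer, endpoint path, redirect URI and sample token are constructed assumptions; read the real logout endpoint from your authorization server's discovery metadata.

```python
import base64
import json
from urllib.parse import urlencode

# Constructed values for illustration only (not a real Okta org or token).
ISSUER = "https://dev-000000.example.com/oauth2/default"
END_SESSION_ENDPOINT = ISSUER + "/v1/logout"  # assumed path; take it from discovery metadata


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_id_token(issuer: str) -> str:
    """Build a constructed JWT with a fake signature so the example runs offline."""
    header = _b64url(json.dumps({"alg": "RS256", "kid": "sample"}).encode())
    claims = {"iss": issuer, "sub": "00u-sample", "jti": "ID.sample"}
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64url(b'not-a-real-signature')}"


def decode_claims(raw_id_token: str) -> dict:
    """Decode (without verifying) the payload of a compact JWT."""
    parts = raw_id_token.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError("id_token_hint must be the whole JWT: header.payload.signature")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def build_logout_url(end_session_endpoint, issuer, raw_id_token,
                     post_logout_redirect_uri=None, state=None):
    """Return the URL the browser is redirected to so the IdP session ends too."""
    if decode_claims(raw_id_token).get("iss") != issuer:
        raise ValueError("ID token was not issued by this authorization server")
    params = {"id_token_hint": raw_id_token}
    if post_logout_redirect_uri:
        params["post_logout_redirect_uri"] = post_logout_redirect_uri
    if state:
        params["state"] = state
    return f"{end_session_endpoint}?{urlencode(params)}"


if __name__ == "__main__":
    token = make_sample_id_token(ISSUER)
    print(build_logout_url(END_SESSION_ENDPOINT, ISSUER, token,
                           "https://app.example.com/", "xyz"))
```

In the app, clear the local session first and then redirect the user's browser to the returned URL; how the raw ID token is retrieved depends on the OIDC client library in use.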