Hi @alin:
Both of the params you mentioned solve different use cases, but here is a simple example for why you’d want to use them:
- I want to use the
login_hintto pre-populate Okta’s login form with a user email address. This provides one less input step for the end-user, as they’ll only need to input their password. - If you want to terminate the user’s session in Okta, the
/logoutendpoint requires anid_token_hint(mapped to your identity token) parameter to locate the user. This is endpoint is commonly used after a token has expired and/or a user has requested to logout of an application.
Further, the OpenID Connect Core specification is incredibly helpful, and goes into significantly more detail.
Hope this helps!