Nonce support in post_logout_redirect_uri

The application I am integrating with expects a nonce query string parameter on the post logout callback. I need to pass this as part of the post_logout_redirect_uri parameter to Okta’s logout endpoint. Unfortunately, I’m getting Bad Request errors because Okta seems to want an exact match in the Sign-Out Redirect URIs and this nonce is randomly generated with each sign-out. Is there a way to make Okta ignore query string parameters or support a wildcard value when validating the sign-out URIs?

I’m trying to use post_logout_redirect_uri=https://devsite.local/identity/postexternallogout?nonce=c9b5e6e1eaa64cc28a594ccac477498e&ReturnUrl=https%3a%2f%2devsite.local%2flogin

Hi @EblingMis, it must be an exact match when CORS enabling this url. Also nonce is typically not something Okta includes in the query - Sign users out | Okta Developer. However, as your use case requires this I suggest sharing it with our Product Team via our Ideas Page.

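An added example, not part of the thread and not Okta's code: it simulates the exact-match check described in the reply and keeps the registered sign-out URI static while carrying the per-logout random value in the `state` parameter, which OpenID Connect RP-Initiated Logout defines and which is returned on the redirect to `post_logout_redirect_uri`. It assumes the integrating application can be made to read `state` rather than a `nonce` query parameter; the issuer, ID token and helper names are constructed placeholders.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Constructed values: the issuer is a placeholder, not a real Okta org.
ISSUER = "https://example.okta.test/oauth2/default"
REGISTERED_SIGN_OUT_URIS = {"https://devsite.local/identity/postexternallogout"}


def is_registered(post_logout_redirect_uri):
    """Exact string match, as the reply describes (local simulation only)."""
    return post_logout_redirect_uri in REGISTERED_SIGN_OUT_URIS


def build_logout_url(id_token, redirect_uri, session):
    """Keep the redirect URI static; put the per-logout random value in state."""
    if not is_registered(redirect_uri):
        raise ValueError("post_logout_redirect_uri is not an exact registered match")
    state = secrets.token_hex(16)
    session["logout_state"] = state  # kept server-side for the callback check
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": redirect_uri,
        "state": state,
    })
    return f"{ISSUER}/v1/logout?{query}"


def verify_callback(callback_url, session):
    """Accept the post-logout callback only if state matches; single use."""
    expected = session.pop("logout_state", None)
    received = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    if expected is None:
        return False
    # Constant-time comparison on bytes so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), received.encode())
```

Because the allowlist stays exact, a caller-supplied `ReturnUrl` never reaches the identity provider as part of the redirect target; the application resolves its own post-logout destination after `verify_callback` succeeds.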