Nonce support in post_logout_redirect_uri

EblingMis · January 9, 2023, 11:11pm

The application I am integrating with expects a nonce query string parameter on the post logout callback. I need to pass this as part of the post_logout_redirect_uri parameter to Okta’s logout endpoint. Unfortunately, I’m getting Bad Request errors because Okta seems to want an exact match in the Sign-Out Redirect URIs and this nonce is randomly generated with each sign-out. Is there a way to make Okta ignore query string parameters or support a wildcard value when validating the sign-out URIs?

I’m trying to use post_logout_redirect_uri=https://devsite.local/identity/postexternallogout?nonce=c9b5e6e1eaa64cc28a594ccac477498e&ReturnUrl=https%3a%2f%2devsite.local%2flogin

sigama · January 10, 2023, 2:03am

Hi @EblingMis, it must be an exact match when CORS enabling this url. Also nonce is typically not something Okta includes in the query - Sign users out | Okta Developer. However, as your use case requires this I suggest sharing it with our Product Team via our Ideas Page.

system · February 12, 2024, 11:05pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Does Okta support wildcards in post_logout_redirect_uris? OAuth/OIDC	6	1034	April 30, 2024
Error: The 'post_logout_redirect_uri' parameter must be a Logout redirect URI in the client app settings OAuth/OIDC	4	1112	June 13, 2024
400 upon logout, redirect URI looks fine, no other clues Questions	4	2226	February 15, 2024
400 Bad Request when trying to logout by redirecting OAuth/OIDC	3	3452	February 15, 2024
Sign-out Redirect URI seemingly ignored Questions	6	5748	June 10, 2021

Nonce support in post_logout_redirect_uri

Related topics