Not able to logout from Spring Oauth2 client integrated with Okta

Nelson · July 27, 2024, 9:38pm

I have a spring web app integrated with Okta. I am not able to logout from my web app.
My code config is as below:

@Bean
public OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler(ClientRegistrationRepository clientRegistrationRepository) {
	
	OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler = 
			new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
	
	logoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
	
	return logoutSuccessHandler; 
}

In the spring security I have:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(“/health”).permitAll()
.anyRequest().authenticated()
.and()
.logout(logout → logout.logoutSuccessHandler(logoutSuccessHandler))
.oauth2Login(oauth2 → oauth2.authorizationEndpoint(auth → auth.authorizationRequestResolver(oAuth2AuthorizationRequestResolver)));

    return http.build();
}

I’ve tried GET /logout and POST /logout from my web page, but it doesnt logout and I continue to see the OidcUser object values on the page.

Please help!!!

Nelson · July 29, 2024, 4:50pm

I have managed to resolve it myself. Actually, spring didn’t redirect to the Okta logout URL, so I have configured the logout URL while creating the ClientRegistrationRepository as below:

String issuerUri = oAuth2ClientProperties.getProvider().get(“okta”).getIssuerUri();
String logoutUri = issuerUri + “/v1/logout”;

.providerConfigurationMetadata(Map.of(“end_session_endpoint”, logoutUri)

So my complete ClientRegistration looks like this:

String clientId = oAuth2ClientProperties.getRegistration().get(“okta”).getClientId();
String clientSecret = oAuth2ClientProperties.getRegistration().get(“okta”).getClientSecret();
String issuerUri = oAuth2ClientProperties.getProvider().get(“okta”).getIssuerUri();
String authUri = oAuth2ClientProperties.getProvider().get(“okta”).getAuthorizationUri();
String tokenUri = oAuth2ClientProperties.getProvider().get(“okta”).getTokenUri();
String userInfoUri = oAuth2ClientProperties.getProvider().get(“okta”).getUserInfoUri();
String jwkUri = oAuth2ClientProperties.getProvider().get(“okta”).getJwkSetUri();
String logoutUri = issuerUri + “/v1/logout”;

        return CommonOAuth2Provider.OKTA.getBuilder("okta")
        		.clientId(clientId)
        		.clientSecret(clientSecret)
        		.issuerUri(issuerUri)
        .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)

.authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
.scope(“openid”, “email”, “profile”, “my-custom-scope”)
.authorizationUri(authUri)
.tokenUri(tokenUri)
.userInfoUri(userInfoUri)
.userNameAttributeName(IdTokenClaimNames.SUB)
.jwkSetUri(jwkUri)
.providerConfigurationMetadata(Map.of(“end_session_endpoint”, logoutUri))
.build();

system · July 30, 2024, 4:51pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Logout from OIDC web app OAuth/OIDC spring , java	5	7646	January 12, 2024
Facing CORS issue on redirect to okta in logout api OAuth/OIDC	3	1324	February 2, 2024
How to Logout from Springboot App and Okta Questions spring	3	10973	December 11, 2017
PostLogoutRedirectUri callback not configurable OAuth/OIDC dotnet	4	224	September 16, 2024
Can't log out users Questions	6	8087	October 20, 2020

Not able to logout from Spring Oauth2 client integrated with Okta

Related Topics