Nelson
July 27, 2024, 9:38pm
I have a spring web app integrated with Okta. I am not able to logout from my web app.
My code config is as below:
@Bean
public OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler(ClientRegistrationRepository clientRegistrationRepository) {
OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler =
new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
logoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
return logoutSuccessHandler;
}
In the spring security I have:
@Bean
public SecurityFilterChain filterChain(HttpSecurity http,
        OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler,
        OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver) throws Exception {
    // the logout success handler and the request resolver are beans injected by Spring
    http
        .authorizeRequests()
        .antMatchers("/health").permitAll()
        .anyRequest().authenticated()
        .and()
        .logout(logout -> logout.logoutSuccessHandler(logoutSuccessHandler))
        .oauth2Login(oauth2 -> oauth2.authorizationEndpoint(auth -> auth.authorizationRequestResolver(oAuth2AuthorizationRequestResolver)));
    return http.build();
}
I’ve tried GET /logout and POST /logout from my web page, but it doesn’t logout and I continue to see the OidcUser object values on the page.
Please help!!!
Nelson
July 29, 2024, 4:50pm
I have managed to resolve it myself. Actually, spring didn’t redirect to the Okta logout URL, so I have configured the logout URL while creating the ClientRegistrationRepository as below:
String issuerUri = oAuth2ClientProperties.getProvider().get("okta").getIssuerUri();
String logoutUri = issuerUri + "/v1/logout";
// added to the ClientRegistration builder chain; OidcClientInitiatedLogoutSuccessHandler reads this key
.providerConfigurationMetadata(Map.of("end_session_endpoint", logoutUri))
So my complete ClientRegistration looks like this:
// inside the method that builds the "okta" ClientRegistration; values come from the spring.security.oauth2.client.* properties
String clientId = oAuth2ClientProperties.getRegistration().get("okta").getClientId();
String clientSecret = oAuth2ClientProperties.getRegistration().get("okta").getClientSecret();
String issuerUri = oAuth2ClientProperties.getProvider().get("okta").getIssuerUri();
String authUri = oAuth2ClientProperties.getProvider().get("okta").getAuthorizationUri();
String tokenUri = oAuth2ClientProperties.getProvider().get("okta").getTokenUri();
String userInfoUri = oAuth2ClientProperties.getProvider().get("okta").getUserInfoUri();
String jwkUri = oAuth2ClientProperties.getProvider().get("okta").getJwkSetUri();
String logoutUri = issuerUri + "/v1/logout";
return CommonOAuth2Provider.OKTA.getBuilder("okta")
    .clientId(clientId)
    .clientSecret(clientSecret)
    .issuerUri(issuerUri)
    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
    .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
    .scope("openid", "email", "profile", "my-custom-scope")
    .authorizationUri(authUri)
    .tokenUri(tokenUri)
    .userInfoUri(userInfoUri)
    .userNameAttributeName(IdTokenClaimNames.SUB)
    .jwkSetUri(jwkUri)
    // end_session_endpoint is what makes the logout handler redirect to Okta
    .providerConfigurationMetadata(Map.of("end_session_endpoint", logoutUri))
    .build();
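A way to check the behaviour described above, as an added JUnit test that is not part of the original post: it runs OidcClientInitiatedLogoutSuccessHandler against a registration with and without end_session_endpoint and shows that only the former redirects to the Okta logout endpoint with id_token_hint and post_logout_redirect_uri (without it, the local session ends but the Okta session survives). It assumes spring-security-oauth2-client, spring-test and JUnit 5 on the classpath; the issuer, client id and token values are constructed placeholders.

```java
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.util.List;
import java.util.Map;
import org.junit.jupiter.api.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;

class OktaLogoutRedirectTest {
    // Constructed placeholder; a real Okta issuer looks like https://<org>.okta.com/oauth2/default
    private static final String ISSUER = "https://okta-placeholder.example.test/oauth2/default";

    // Builds an "okta" registration, with or without end_session_endpoint in the provider metadata.
    private static ClientRegistration registration(boolean withEndSessionEndpoint) {
        ClientRegistration.Builder b = ClientRegistration.withRegistrationId("okta")
                .clientId("constructed-client-id")
                .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
                .redirectUri("{baseUrl}/login/oauth2/code/{registrationId}")
                .authorizationUri(ISSUER + "/v1/authorize")
                .tokenUri(ISSUER + "/v1/token");
        if (withEndSessionEndpoint) {
            b.providerConfigurationMetadata(Map.of("end_session_endpoint", ISSUER + "/v1/logout"));
        }
        return b.build();
    }

    // Drives the handler as Spring would after the local session is invalidated; returns the redirect target.
    private static String logoutRedirect(ClientRegistration reg) throws Exception {
        OidcClientInitiatedLogoutSuccessHandler handler =
                new OidcClientInitiatedLogoutSuccessHandler(new InMemoryClientRegistrationRepository(reg));
        handler.setPostLogoutRedirectUri("{baseUrl}");
        // Constructed ID token: only the token value and the "sub" claim matter for this check.
        OidcIdToken idToken = OidcIdToken.withTokenValue("constructed-id-token").claim("sub", "user-1").build();
        List<SimpleGrantedAuthority> roles = List.of(new SimpleGrantedAuthority("ROLE_USER"));
        OAuth2AuthenticationToken auth =
                new OAuth2AuthenticationToken(new DefaultOidcUser(roles, idToken), roles, "okta");
        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout");
        request.setScheme("https"); request.setServerName("app.example.test"); request.setServerPort(443);
        MockHttpServletResponse response = new MockHttpServletResponse();
        handler.onLogoutSuccess(request, response, auth);
        return response.getRedirectedUrl();
    }

    @Test
    void logoutRedirectDependsOnEndSessionEndpoint() throws Exception {
        String url = logoutRedirect(registration(true));
        assertTrue(url.startsWith(ISSUER + "/v1/logout?") && url.contains("id_token_hint=constructed-id-token"), url);
        // Without the metadata there is no Okta redirect: the browser lands on "/" and the Okta session survives.
        assertTrue("/".equals(logoutRedirect(registration(false))));
    }
}
```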
system
Closed
July 30, 2024, 4:51pm
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.