Not able to logout from Spring Oauth2 client integrated with Okta

I have a spring web app integrated with Okta. I am not able to logout from my web app.
My code config is as below:

import org.springframework.context.annotation.Bean;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;

@Bean
public OidcClientInitiatedLogoutSuccessHandler oidcLogoutSuccessHandler(ClientRegistrationRepository clientRegistrationRepository) {
    OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler =
            new OidcClientInitiatedLogoutSuccessHandler(clientRegistrationRepository);
    // After the provider-side logout, send the browser back to the application's base URL
    logoutSuccessHandler.setPostLogoutRedirectUri("{baseUrl}");
    return logoutSuccessHandler;
}

In the Spring Security configuration I have:

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver;
import org.springframework.security.web.SecurityFilterChain;

@Bean
public SecurityFilterChain filterChain(HttpSecurity http,
        OidcClientInitiatedLogoutSuccessHandler logoutSuccessHandler,
        OAuth2AuthorizationRequestResolver oAuth2AuthorizationRequestResolver) throws Exception {
    // logoutSuccessHandler and oAuth2AuthorizationRequestResolver are beans injected by Spring
    http
        .authorizeRequests()
            .antMatchers("/health").permitAll()
            .anyRequest().authenticated()
            .and()
        .logout(logout -> logout.logoutSuccessHandler(logoutSuccessHandler))
        .oauth2Login(oauth2 -> oauth2.authorizationEndpoint(
                auth -> auth.authorizationRequestResolver(oAuth2AuthorizationRequestResolver)));
    return http.build();
}

I’ve tried GET /logout and POST /logout from my web page, but it doesn’t log out and I continue to see the OidcUser object values on the page.

Please help!!!

I have managed to resolve it myself. Actually, Spring didn’t redirect to the Okta logout URL, so I have configured the logout URL while creating the ClientRegistrationRepository as below:

String issuerUri = oAuth2ClientProperties.getProvider().get("okta").getIssuerUri();
String logoutUri = issuerUri + "/v1/logout";

.providerConfigurationMetadata(Map.of("end_session_endpoint", logoutUri))

So my complete ClientRegistration looks like this:

import java.util.Map;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames;

@Bean
public ClientRegistrationRepository clientRegistrationRepository(OAuth2ClientProperties oAuth2ClientProperties) {
    return new InMemoryClientRegistrationRepository(oktaClientRegistration(oAuth2ClientProperties));
}

private ClientRegistration oktaClientRegistration(OAuth2ClientProperties oAuth2ClientProperties) {
    String clientId = oAuth2ClientProperties.getRegistration().get("okta").getClientId();
    String clientSecret = oAuth2ClientProperties.getRegistration().get("okta").getClientSecret();
    String issuerUri = oAuth2ClientProperties.getProvider().get("okta").getIssuerUri();
    String authUri = oAuth2ClientProperties.getProvider().get("okta").getAuthorizationUri();
    String tokenUri = oAuth2ClientProperties.getProvider().get("okta").getTokenUri();
    String userInfoUri = oAuth2ClientProperties.getProvider().get("okta").getUserInfoUri();
    String jwkUri = oAuth2ClientProperties.getProvider().get("okta").getJwkSetUri();
    // Okta's OIDC end-session endpoint; the logout handler only redirects there if it is in the metadata
    String logoutUri = issuerUri + "/v1/logout";

    return CommonOAuth2Provider.OKTA.getBuilder("okta")
            .clientId(clientId)
            .clientSecret(clientSecret)
            .issuerUri(issuerUri)
            .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_BASIC)
            .authorizationGrantType(AuthorizationGrantType.AUTHORIZATION_CODE)
            .scope("openid", "email", "profile", "my-custom-scope")
            .authorizationUri(authUri)
            .tokenUri(tokenUri)
            .userInfoUri(userInfoUri)
            .userNameAttributeName(IdTokenClaimNames.SUB)
            .jwkSetUri(jwkUri)
            .providerConfigurationMetadata(Map.of("end_session_endpoint", logoutUri))
            .build();
}
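A stand-alone check of the behaviour described in the answer, added here and not part of the original post: it drives OidcClientInitiatedLogoutSuccessHandler directly with Spring's mock servlet classes and shows that the provider logout redirect only appears once end_session_endpoint is in the registration metadata. The Okta issuer, client credentials and id_token value are constructed placeholders.

```java
import java.time.Instant;
import java.util.Map;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.config.oauth2.client.CommonOAuth2Provider;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.oidc.web.logout.OidcClientInitiatedLogoutSuccessHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
public class OktaLogoutRedirectCheck {
    // Constructed placeholder issuer; substitute your own Okta authorization server.
    static final String ISSUER = "https://dev-000000.okta.com/oauth2/default";
    // Mirrors the registration from the answer; end_session_endpoint is added only when asked for.
    static ClientRegistration oktaRegistration(boolean withEndSessionEndpoint) {
        ClientRegistration.Builder b = CommonOAuth2Provider.OKTA.getBuilder("okta")
                .clientId("client-id-placeholder").clientSecret("client-secret-placeholder")
                .issuerUri(ISSUER).authorizationUri(ISSUER + "/v1/authorize").tokenUri(ISSUER + "/v1/token")
                .userInfoUri(ISSUER + "/v1/userinfo").jwkSetUri(ISSUER + "/v1/keys");
        if (withEndSessionEndpoint) {
            // This is the metadata key the handler reads; without it the logout stays local to the app.
            b.providerConfigurationMetadata(Map.of("end_session_endpoint", ISSUER + "/v1/logout"));
        }
        return b.build();
    }
    // Runs the handler against a mock request and returns the Location it would send the browser to.
    static String logoutRedirect(ClientRegistration registration) throws Exception {
        OidcClientInitiatedLogoutSuccessHandler handler = new OidcClientInitiatedLogoutSuccessHandler(
                new InMemoryClientRegistrationRepository(registration));
        handler.setPostLogoutRedirectUri("{baseUrl}");
        // Minimal signed-in OIDC principal; the id_token value is a constructed stand-in, not a real JWT.
        OidcIdToken idToken = OidcIdToken.withTokenValue("id-token-placeholder").subject("user@example.com")
                .issuedAt(Instant.now()).expiresAt(Instant.now().plusSeconds(300)).build();
        DefaultOidcUser user = new DefaultOidcUser(AuthorityUtils.createAuthorityList("ROLE_USER"), idToken);
        OAuth2AuthenticationToken auth = new OAuth2AuthenticationToken(user, user.getAuthorities(), "okta");
        MockHttpServletRequest request = new MockHttpServletRequest("POST", "/logout");
        MockHttpServletResponse response = new MockHttpServletResponse();
        handler.onLogoutSuccess(request, response, auth);
        return response.getRedirectedUrl();
    }
    public static void main(String[] args) throws Exception {
        // Expect "/" first, then Okta's /v1/logout URL carrying id_token_hint and post_logout_redirect_uri.
        System.out.println("without metadata: " + logoutRedirect(oktaRegistration(false)));
        System.out.println("with metadata:    " + logoutRedirect(oktaRegistration(true)));
    }
}
```

The second redirect is the one the browser must follow for Okta to end its own session; if your app only ever produces the first, the id_token_hint and end_session_endpoint wiring is what to inspect.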
