OIDC / Logout with AWS ALB

I am trying to implement the logout functionality. Scenario is, we have an app within AWS ALB and I am using ALB for authentication. I am able to login and able to get the OIDC_DATA, however I have following issues.

  1. OIDC_DATA is a JWT encoded. Hence when I decode, I am able to retrieve the payload data but the verify_signature fails. The api I use is as suggested in the AWS site
    payload = jwt.decode(encoded_jwt, pub_key, algorithms=['ES256'])
  2. Since AWS-ALB is performing the authentication, when I call with ```
```{"errorCode":"invalid_client","errorSummary":"A client_id must be provided in the request.","errorLink":"invalid_client","errorId":"oae9U5w61RwSMaM1aDLsu2p7g","errorCauses":[]}```

Could you please guide me?

Are you providing the raw JWT string as the id_token_hint value? If not, can you give that a shot?