OIDC Web app - error 400 on logout

Hi,

After a successful login, I can get userinfo with the token in an authorization header.
userinfo endpoint: https://dev-69856395.okta.com/oauth2/default/v1/userinfo

But I can’t log out; I get a 400 Bad Request without any information about the error.
https://dev-69856395.okta.com/oauth2/default/v1/logout?id_token_hint={{token}}

I’ve also tried with a post_logout_redirect_uri parameter and a state parameter, without success.

Any idea?

Hi, can you check that the ID token that you pass in the id_token_hint is not invalid?

Because according to the docs (OpenID Connect & OAuth 2.0 API | Okta Developer), if the ID token passed via id_token_hint is invalid, the browser is redirected to an error page.

Also, I see that you are using the same {token} variable for both the introspect and the logout call. The introspect endpoint needs an access token, while the logout endpoint works with an ID token.
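
An added example, not part of the thread and not Okta's code: a Node.js check that decodes (without verifying) a token's payload to tell an ID token from an access token before it goes into id_token_hint. The claim names used for classification, the function names and the sample tokens are assumptions constructed for illustration.

```javascript
// Added example: inspect a token before sending it as id_token_hint.
// Decoding only; the signature is NOT verified, so this is a debugging aid.
function decodePayload(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) throw new Error("not a compact JWT (3 segments expected)");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Assumption: access tokens carry scp/cid; ID tokens carry nonce/at_hash/amr/auth_time.
function classifyToken(jwt) {
  let claims;
  try { claims = decodePayload(jwt); } catch { return "unknown"; }
  if (claims === null || typeof claims !== "object") return "unknown";
  if ("scp" in claims || "cid" in claims) return "access_token";
  const idOnly = ["nonce", "at_hash", "amr", "auth_time"];
  return idOnly.some((k) => k in claims) ? "id_token" : "unknown";
}

// Builds the logout URL from the thread, refusing anything that is not an ID token.
function buildLogoutUrl(issuer, token, postLogoutRedirectUri, state) {
  const kind = classifyToken(token);
  if (kind !== "id_token") {
    throw new Error(`id_token_hint needs an ID token, got: ${kind}`);
  }
  const url = new URL(issuer.replace(/\/$/, "") + "/v1/logout");
  url.searchParams.set("id_token_hint", token);
  if (postLogoutRedirectUri) url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  if (state) url.searchParams.set("state", state);
  return url.toString();
}

// Constructed sample tokens (fake signature, made-up claim values).
function makeToken(claims) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "RS256" })}.${enc(claims)}.constructed-signature`;
}
const ISSUER = "https://dev-69856395.okta.com/oauth2/default";
const SAMPLE_ACCESS = makeToken({ iss: ISSUER, aud: "api://default", cid: "exampleClientId", scp: ["openid"], sub: "user@example.com" });
const SAMPLE_ID = makeToken({ iss: ISSUER, aud: "exampleClientId", sub: "00uEXAMPLE", nonce: "n-123", amr: ["pwd"] });

console.log(classifyToken(SAMPLE_ACCESS), classifyToken(SAMPLE_ID));
console.log(buildLogoutUrl(ISSUER, SAMPLE_ID, "http://localhost:8080/", "xyz"));
```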
