OIDC Web Application - Okta Logout Issue

sami · September 11, 2018, 5:33pm

We have OpenID Connect Web applications and we have implemented logout based on below Okta’s documentation. To logout you have to pass ID token value as id_token_hint parameter

Okta-logout_small

It works fine if id_token is not expired (within an hour). After successful logout (removing Okta browser session) it redirects user to post_logout_redirect_uri.
However, after an hour of active user session if you try to logout then you get below error from Okta

Error code: invalid token
Description: The token has expired
OktaLogout_error_small

With this current Okta’s RP-initiated logout implementation, how can any user who is using an application for more then 1 hour can successfully logout with Okta?

tom · September 12, 2018, 3:21pm

Hey @sami, I was talking to the PM this morning about this issue, this is logged and is more than likely going to be worked on in the next couple of sprints. I would send a note to developers@okta.com to get the timeline for the fix.

sami · September 12, 2018, 9:35pm

Thanks @tom, for the quick response.
This is very helpful.

thomas · September 26, 2018, 8:29pm

@tom Is there any update on when this is expected to be resolved?

sami · October 29, 2018, 6:01pm

@thomas this issue is fixed now and logout works fine with expired id_token
Can you try with your OIDC application?

system · January 12, 2024, 11:55pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
OIDC logout error when the user is no longer logged in OAuth/OIDC	2	5966	May 16, 2018
Unable to logout from Okta OpenID and Invalid token error Questions	3	4120	January 24, 2024
Error invalid_client when hitting logout url OAuth/OIDC	2	2235	January 3, 2024
OIDC Web app - error 400 on login out OAuth/OIDC	2	1194	March 17, 2024
Failed to access logout url OAuth/OIDC	3	2400	May 19, 2022

OIDC Web Application - Okta Logout Issue

Related topics