OIDC Web Application - Okta Logout Issue


#1

We have OpenID Connect web applications, and we have implemented logout based on Okta’s documentation below. To log out, you have to pass the ID token value as the id_token_hint parameter.

https://developer.okta.com/docs/api/resources/oidc#logout


It works fine if the id_token is not expired (within an hour). After a successful logout (removing the Okta browser session), it redirects the user to post_logout_redirect_uri.
However, after an hour of an active user session, if you try to log out, you get the error below from Okta:

Error code: invalid token
Description: The token has expired

With Okta’s current RP-initiated logout implementation, how can any user who has been using an application for more than 1 hour successfully log out with Okta?
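
The logout request described in the post above, as an added example that is not part of the original thread and is not Okta's code: it builds the RP-initiated logout URL and reads the id_token's `exp` claim locally, so the application can tell (and log) when the hint it is about to send has already expired. The `end_session_endpoint` argument, the `state` parameter, the `example.test` URLs and the sample token are assumptions constructed for illustration.

```python
import base64
import json
import time
from typing import Optional
from urllib.parse import urlencode


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Read the payload of a compact JWT WITHOUT verifying its signature.
    Good enough to inspect exp locally; never use it to authenticate anyone."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    return json.loads(_b64url_decode(parts[1]))


def seconds_until_expiry(id_token: str, now: Optional[float] = None) -> int:
    """Positive while the token is valid, negative once exp has passed."""
    exp = id_token_claims(id_token).get("exp")
    if not isinstance(exp, (int, float)):
        raise ValueError("id_token has no numeric exp claim")
    return int(exp - (time.time() if now is None else now))


def build_logout_url(end_session_endpoint: str, id_token: str,
                     post_logout_redirect_uri: str, state: str) -> str:
    """URL the browser is redirected to in order to end the IdP session."""
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,  # echoed back on the redirect so the app can match it
    })
    return f"{end_session_endpoint}?{query}"


def make_sample_token(exp: int) -> str:
    """Constructed, unsigned sample token (hypothetical claims) for offline use."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc({'sub': 'user1', 'exp': exp})}.c2ln"
```
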


#2

Hey @sami, I was talking to the PM this morning about this issue, this is logged and is more than likely going to be worked on in the next couple of sprints. I would send a note to developers@okta.com to get the timeline for the fix.


#3

Thanks @tom, for the quick response.
This is very helpful.


#4

@tom Is there any update on when this is expected to be resolved?


#5

@thomas, this issue is fixed now, and logout works fine with an expired id_token.
Can you try with your OIDC application?