Okta-auth-js tokenManager.signOut() does not work on safari

I am using the okta-auth-js in Angular and we implemented then tokenManager.signOut(). In all browsers except Safari this works. In Safari it does not end the Okta session.

This is the sdk and method (v 4.0.2):

but what’s happening when you try to signOut? what are requests been sent to Okta?

I only see a failed DELETE /api/v1sessions/me/
No other api or redirect calls are made

image

I guess, that’s the problem

Sure seems that way. Okta APIs that are part of the Okta SDK should not be throwing a 404.

agree, but - https://developer.okta.com/docs/reference/api/sessions/#response-example-9 there is a case where it’s an expected response

Hi @tayloreric74

This seems to be an issue with cross-site requests in Safari. Can you please navigate in Safari to Preferences >> Privacy and disable “Prevent cross site tracking” and, once this is done, re-test the API call?

As Dragos says, this is likely due to the use of third party cookies, which recent versions of Safari block by default. Our AuthJS documentation includes a list of methods that rely on third party cookies that you may need to avoid if you are unable to change this setting for your end users