Okta-auth-js tokenManager.signOut() does not work on safari

I am using the okta-auth-js in Angular and we implemented then tokenManager.signOut(). In all browsers except Safari this works. In Safari it does not end the Okta session.

This is the sdk and method (v 4.0.2):

but what’s happening when you try to signOut? what are requests been sent to Okta?

I only see a failed DELETE /api/v1sessions/me/
No other api or redirect calls are made

image

I guess, that’s the problem

Sure seems that way. Okta APIs that are part of the Okta SDK should not be throwing a 404.

agree, but - https://developer.okta.com/docs/reference/api/sessions/#response-example-9 there is a case where it’s an expected response

Hi @tayloreric74

This seems to be an issue with cross-site requests in Safari. Can you please navigate in Safari to Preferences >> Privacy and disable “Prevent cross site tracking” and, once this is done, re-test the API call?

As Dragos says, this is likely due to the use of third party cookies, which recent versions of Safari block by default. Our AuthJS documentation includes a list of methods that rely on third party cookies that you may need to avoid if you are unable to change this setting for your end users

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.