Okta authentication using Flask. Issues signing out

Hi, I have a React JS app and implemented Flask as server-side authentication using Okta.

I am having trouble with signing out. My company's Okta admin has mentioned the following:

"Okta shouldn’t be the one that directs users on log out
When you press signout or logout within the application
The Application should re-direct the user"

I have this code, but it is not signing the user out. On redirect it just signs me directly back in. Any help would be appreciated.

Current code.

@app.route("/logout", methods=["GET", "POST"])
@login_required
def logout():
    logout_user()
    session.clear()
    return redirect(url_for("home"))

What type of application is this (namely, is it OIDC?), what session are you looking to revoke (the application session or the Okta session) and are you using any particular libraries to facilitate login/logout?

When I was working on Flask, I had a similar issue.

Which module are you using in Flask? (namely, is it Flask-Login, Flask-OIDC?)

Try to add these steps in the code:

After clearing the session:

  • Construct a full logout URL that includes a redirect back to your application.
  • Redirect the user to the Okta logout URL, which you will have to configure in your Okta.

Oh that’s right, like @SitaRam mentioned, I believe Flask-OIDC doesn’t invoke the /logout endpoint. This post from a couple of years ago may prove helpful if you are using that library: Signing out and Logging in again does not ask for email and password - #2 by andrea

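The two steps suggested above, as an added example that is not code from any poster in this thread. It assumes the app is an OIDC integration, that the ID token was stored in the session under `"id_token"` at login, and that the return URI is registered as a sign-out redirect URI in Okta; `end_sessions`, the issuer and both URLs are hypothetical placeholders.

```python
import secrets
from urllib.parse import urlencode, urlsplit

# Placeholders (assumptions): your authorization server's issuer, and a URI
# registered under the Okta app's sign-out redirect URIs.
OKTA_ISSUER = "https://example.okta.com/oauth2/default"
POST_LOGOUT_REDIRECT_URI = "https://app.example.com/"


def end_sessions(session, issuer=OKTA_ISSUER, return_to=POST_LOGOUT_REDIRECT_URI):
    """Clear the local session and return the URL the browser must visit next.

    `session` is any dict-like object (flask.session works). The ID token is
    assumed to have been saved under "id_token" when the user logged in.
    """
    if urlsplit(issuer).scheme != "https" or urlsplit(return_to).scheme != "https":
        raise ValueError("issuer and post-logout redirect must be https URLs")

    # Read the token *before* clearing: Okta's OIDC logout endpoint takes it
    # as id_token_hint, and session.clear() would otherwise discard it.
    id_token = session.get("id_token")
    session.clear()  # the application session ends here

    if not id_token:
        # Nothing to present to Okta; only the local session could be ended.
        return return_to

    # Random state, kept so the app can compare it with ?state= on return.
    state = secrets.token_urlsafe(16)
    session["logout_state"] = state
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": return_to,
        "state": state,
    })
    # Ending the Okta session is what stops the silent re-login on redirect.
    return f"{issuer.rstrip('/')}/v1/logout?{query}"


# In the Flask view from the question this would be used as (not run here):
#     logout_user()
#     return redirect(end_sessions(session))
```

If the session holds no ID token, only the application session is cleared and the Okta session stays active, so the next login redirect will sign the user straight back in.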