I’m trying to implement logout for Okta in a Node.js app: when the user signs out, the app should also end the Okta session, so that the next sign-in has to go through Okta SSO again. I see this route:
GET https://${baseUrl}/logout?id_token_hint=${id_token}
I don’t know what the {id_token} is and how to get it.
My current implementation is:
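// NOTE(review): this module-level variable is shared by every request the
// process serves, so each login overwrites the previous user's ID token and a
// logout may send somebody else's token as id_token_hint. It is kept because
// code outside this snippet may read it; prefer keeping the token with the
// signed-in user's own session and reading it from there when building the
// logout URL.
let id_token;

/**
 * Registers the Okta OpenID Connect strategy under the name 'oidc'.
 *
 * Every endpoint below points at the `default` authorization server of
 * OKTA_DOMAIN. The verify callback records the ID token from the login
 * response and hands the profile to Passport as the authenticated user.
 */
passport.use('oidc', new Strategy({
  issuer: `https://${OKTA_DOMAIN}/oauth2/default`,
  authorizationURL: `https://${OKTA_DOMAIN}/oauth2/default/v1/authorize`,
  tokenURL: `https://${OKTA_DOMAIN}/oauth2/default/v1/token`,
  userInfoURL: `https://${OKTA_DOMAIN}/oauth2/default/v1/userinfo`,
  clientID: `${CLIENT_ID}`,
  clientSecret: `${CLIENT_SECRET}`,
  // Plain-HTTP callback: acceptable for localhost development only.
  callbackURL: `http://localhost:${PORT}/authorization-code/callback`,
  scope: 'openid profile',
}, (issuer, profile, context, idToken, accessToken, refreshToken, params, done) => {
  // NOTE(review): assuming Strategy comes from passport-openidconnect, the
  // library chooses what it passes in each position from the number of
  // declared parameters, and that layout differs between releases. Keep all
  // eight parameters and confirm that `idToken` really is the raw ID token
  // (a JWT string) for the installed version.

  // Tokens are bearer credentials: anyone who can read the log could replay
  // them, so only record whether each one was present.
  const mask = (value) => (value ? '[redacted]' : null);

  console.log(`OIDC response: ${JSON.stringify({
    issuer,
    profile,
    context,
    idToken: mask(idToken),
    accessToken: mask(accessToken),
    refreshToken: mask(refreshToken),
    // presumably the token endpoint response, which can repeat the tokens;
    // log its field names only — verify against the library in use
    paramKeys: Object.keys(params || {}),
  }, null, 2)}\n*****`);

  // id_token_hint on the logout request is this raw ID token. The token has
  // to come from the same authorization server whose logout endpoint is
  // called — TODO confirm the logout URL matches the `default` server above.
  id_token = idToken;

  return done(null, profile);
}));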
However, the token returned is invalid, and I got a 400 error instead.
Any help is appreciated