As I understand correctly one and only thing that needs to be done is a get request to /logout?id_token_hint=<id_token_hint>
another, this time optional, attribute would be post_logout_redirect_uri.
But just /logout?id_token_hint=<id_token_hint> should do the trick? Right?
well, I’m getting an error: {"errorCode":"invalid_client","errorSummary":"Invalid value for 'client_id' parameter.","errorLink":"invalid_client","errorId":"oaewWqGO6lqRa6BqmRMYoRAPg","errorCauses":[]}
for both options (with and without post_logout_redirect_uri). What am I doing wrong?
On okta side I got Logout redirect uris set up to http://localhost:3000
I am getting the same error when try to log out by redirecting the user-agent to the /logout endpoint.
I am passing the (URL-encoded) ID token as the value for id_token_hint as a parameter on the URL. The URL looks like:
(I have replaced sensitive information with {...})
I am confused because the error mentions a client_id parameter, but the API docs for /logout do not list client_id as a parameter.
It seems that Logout Redirect Page addresses a similar issue, but the solution was very specific to the poster’s C# implementation, and I am not familiar with C#.
I solved my issue! I was not giving the correct value for the id_token_hint.
Details: I am developing a python flask app, and am using requests_oauthlib to interact with Okta. To get the token, I call
The value returned by this method is a dict with a key 'id_token', along with several other keys. To add the id_token_hint to the logout url, I was originally passing the entire dict from fetch_token: