Ahh, I think I see what you are asking.
SecurityContextLogoutHandler is only going to clear your local session (e.g. call
You will then need to redirect to Okta with a correctly formatted URL: OpenID Connect & OAuth 2.0 API | Okta Developer
Take a look at the Spring implementation:
If you are building something custom, you typically wouldn’t be able to construct this URL on the client, as it wouldn’t have the ID token.
To debug this issue, you can watch the network log in your browser and see what the request looks like, and what the response was.
Taking a step back, do you have a JS client that is calling
/customLogout ? Are you handling auth from your front end or backend?