Really need someone to walk me through this

After trying to walk through every piece of documentation I could find, including OAuth 2.0, Okta and OIDC, I still can’t figure out what it takes to end a user session (log him out from Okta).

In my Flask app, the logout route looks like this:

from flask import Blueprint, redirect, url_for
from flask_oidc import OpenIDConnect  # assumed: flask-oidc is the extension providing `oidc`
main_blueprint = Blueprint('main', __name__)
oidc = OpenIDConnect()  # oidc.init_app(app) is called in the app factory
@main_blueprint.route('/logout', methods=['POST', 'GET'])
def logout():
    oidc.logout()  # clears the local flask-oidc session only; the Okta browser session is untouched
    return redirect(url_for('main.index'))

In the docs, it says the endpoint /logout takes a few request parameters to log the user out.

It says that it takes “id_token_hint”. Is that what identifies the user? How can I retrieve the id_token_hint?

On a different post, someone suggested hitting the /token endpoint.

The request must include a few parameters which I understand and know, but some are not clear to me, and even after trying to read about them online I could not understand what they are or how to retrieve them (grant_type, code, code_verifier).

What should I cover or learn to understand how to implement this the right way?

As noted in our docs, /logout must be passed an id_token_hint parameter, the value of which is a valid ID token for the user who has an Okta session in the browser.

If your application implements OpenID Connect to allow user access, they may have received an ID token when they initially logged in. In an OIDC application, the user will be prompted to sign in when an /authorize request is made to Okta. Depending on the OAuth grant type, your application may also need to make a token request in order to get an ID token and/or an access token for the user. Then, when they need to log out, you can send that ID token in the /logout request to end their Okta session.

If you’re new to OpenID Connect, you may want to read through our guides that walk you through different OAuth flows so you can see how you can get tokens for the authenticated user, or look through our more general documentation around OAuth/OIDC, such as the following:


@AcroPanco You may also want to take a look at my response here
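The three-step flow described in the answer above (authorize, exchange the code for tokens, then call /logout with id_token_hint), as an added example that is not part of the original thread or Okta's own code. It is stdlib-only so it runs without Flask; in the app you would keep code_verifier, state and the returned id_token in the Flask session and `redirect()` the browser to the URLs these helpers build. The issuer, client ID and redirect URIs are constructed placeholders, and the `{ISSUER}/v1/authorize`, `/v1/token` and `/v1/logout` paths assume an Okta custom authorization server.

```python
import base64
import hashlib
import secrets
from urllib.parse import urlencode

# Constructed placeholders: substitute your own Okta authorization server, client ID and the URIs registered on the app.
ISSUER = "https://dev-000000.okta.com/oauth2/default"
CLIENT_ID = "0oa_placeholder_client_id"
REDIRECT_URI = "http://localhost:5000/authorization-code/callback"
POST_LOGOUT_URI = "http://localhost:5000/"  # must be an allowed sign-out redirect URI on the Okta app

def _s256(code_verifier):
    """PKCE S256 transform: base64url(sha256(verifier)) with the '=' padding stripped."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def make_pkce_pair():
    """code_verifier stays server-side (e.g. in the Flask session); only the challenge goes to /authorize."""
    verifier = secrets.token_urlsafe(64)
    return verifier, _s256(verifier)

def verify_pkce(code_verifier, code_challenge):
    """The check Okta performs at /token: the verifier must hash to the challenge sent at /authorize."""
    return secrets.compare_digest(_s256(code_verifier), code_challenge)

def authorize_url(state, nonce, code_challenge):
    """Step 1: redirect the browser here; after sign-in Okta returns to REDIRECT_URI with ?code=...&state=..."""
    params = {
        "client_id": CLIENT_ID, "response_type": "code", "scope": "openid profile",
        "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce,
        "code_challenge": code_challenge, "code_challenge_method": "S256",
    }
    return f"{ISSUER}/v1/authorize?{urlencode(params)}"

def token_request_body(code, code_verifier):
    """Step 2: form body to POST to {ISSUER}/v1/token; the JSON reply carries the id_token to store."""
    return urlencode({
        "grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID, "code_verifier": code_verifier,
    })

def logout_url(id_token, state=""):
    """Step 3: send the browser here to end the Okta session; id_token_hint is the stored id_token."""
    params = {"id_token_hint": id_token, "post_logout_redirect_uri": POST_LOGOUT_URI}
    if state:
        params["state"] = state
    return f"{ISSUER}/v1/logout?{urlencode(params)}"
```

Before trusting the id_token you store, validate its signature, issuer, audience and nonce; the logout step only needs the raw token string.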
