I’ve set up OIDC SSO for a SPA application using the okta-auth-js and okta-vue npm libraries and I’m having some issues. Everything works great except for the logout. The okta-auth-js signOut() function builds the logout URL which includes the id-token-hint and post_logout_redirect_uri. Everything looks correct according to the logout spec on the Okta website. The length of the URL is about 18K due to the large idToken value.
The logout GET returns with a 414 Request-URI Too Long. Any ideas how to resolve this? We are currently using the Okta Classic Engine.
It turns out that the issue was due to the size of the idToken which consists of user claims data that is passed as the id_token_hint on the /logout URL. In our case, the internal users (about 5%) have a large amount of claims data that is added via an Okta inline hook. Thanks to Andrea at Okta for explaining this to me. In the meantime, the workaround is to check the size of the idToken and revoke the access token and close the active session for very large idTokens. All users with claims data under the limit will be signed out using the recommended /logout endpoint. This works for now until we’ve had a chance to minimize the amount of data that we are adding to the claims from the inline hook.
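A sketch of the size-check workaround described above, as an added example that is not the original poster's code. It takes an okta-auth-js client and uses its `getIdToken()`, `signOut()`, `revokeAccessToken()` and `closeSession()` methods; the 8000-character threshold, the `logoutEndpoint` parameter and the function names are assumptions, since the post does not state the actual limit.

```javascript
// Assumed threshold: the post gives no exact limit, so tune this to what
// your Okta org and any proxies in front of it accept (constructed value).
const MAX_LOGOUT_URL_LENGTH = 8000;

// Length of the GET request the logout redirect would produce.
// logoutEndpoint is supplied by the caller (hypothetical parameter).
function logoutUrlLength(logoutEndpoint, idToken, postLogoutRedirectUri) {
  const query = new URLSearchParams({
    id_token_hint: idToken,
    post_logout_redirect_uri: postLogoutRedirectUri,
  });
  return `${logoutEndpoint}?${query}`.length;
}

// Signs the user out and returns which path was taken, so the caller can
// log it and, on the fallback path, navigate to the post-logout page itself.
async function signOutWithSizeCheck(authClient, options) {
  const {
    logoutEndpoint,
    postLogoutRedirectUri,
    maxUrlLength = MAX_LOGOUT_URL_LENGTH,
  } = options;

  const idToken = authClient.getIdToken();
  const fits =
    Boolean(idToken) &&
    logoutUrlLength(logoutEndpoint, idToken, postLogoutRedirectUri) <= maxUrlLength;

  if (fits) {
    // Normal case: redirect-based logout through the /logout endpoint.
    await authClient.signOut({ postLogoutRedirectUri });
    return 'logout-endpoint';
  }

  // Oversized (or missing) ID token: skip the redirect with id_token_hint.
  // Revoke first so the access token stops working even if the next call fails.
  await authClient.revokeAccessToken();
  // XHR-based session close; also clears tokens held in the TokenManager.
  await authClient.closeSession();
  return 'revoke-and-close-session';
}
```

On the fallback path no redirect happens, so the application has to send the user to its signed-out page after the promise resolves.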