I’ve checked a few similar threads but nothing has come up. To sign out of Okta app, which is a Django server, I’m redirecting users to https://<okta-org>/oauth2/default/v1/logout?id_token_hint=id_token. This works just fine, and the user is signed out. However, the redirect URI that I have provided for the app is seemingly ignored, and instead, on logout, the users are redirected to https://<okta-org>/login/login.htm.
I have made sure to add http://localhost:8000 to the Trusted Origins list, with both CORS and Redirect types.
Not sure what else I’m missing? I tried to add it as a URL parameter, but upon logging out, was provided a link to add the redirect URI ^ there instead.
Yes, and actually, I had already been using that sample. Appending &post_logout_redirect_uri=uri as shown in that repo results in this error page appearing, telling me to set that via Okta settings instead.
Just testing on a localhost app right now, so &post_logout_redirect_uri=http://localhost:8000/cmdb/login, same as it is online with the “Sign-out redirect URIs”.
Would an invalid token still sign the user out? I wonder if I’m messing that up in some way (though it looks fine), and it doesn’t link back to the correct application to find the sign-out redirect? Not sure
Huh, so apparently I had my &post_logout_redirect_uri set to http://localhost:8000/cmdb, so missing the final /login. Upon adding that, the redirect works just fine. Really weird, but I think it works! I’ll mark this as the solution if I don’t find an issue with it in a couple hours.
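The fix above came down to the post_logout_redirect_uri not matching the registered "Sign-out redirect URIs" entry exactly. The following is an added example, not part of the original thread and not Okta's code: a Python helper a Django view could call to build the logout URL and refuse any redirect target that is not an exact match. The org hostname, the registered-URI set, the token value and all function names are assumptions for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Assumed placeholders: substitute your own org and the URIs registered
# under "Sign-out redirect URIs" for the application.
OKTA_ISSUER = "https://okta-org.example/oauth2/default"
REGISTERED_SIGN_OUT_URIS = {"http://localhost:8000/cmdb/login"}


class UnregisteredRedirect(ValueError):
    """Raised when the redirect target is not an exact registered match."""


def describe_mismatch(candidate):
    """Report which URL components differ from each registered URI."""
    c = urlsplit(candidate)
    notes = []
    for registered in sorted(REGISTERED_SIGN_OUT_URIS):
        r = urlsplit(registered)
        diffs = [name for name in ("scheme", "netloc", "path", "query")
                 if getattr(c, name) != getattr(r, name)]
        notes.append(f"{registered}: differs in {', '.join(diffs)}")
    return notes


def build_logout_url(id_token, post_logout_redirect_uri, state=None):
    """Build the logout URL, allowing only exact registered redirects.

    The comparison is a plain string match: a registered prefix such as
    /cmdb does not cover /cmdb/login, and the reverse is also true.
    """
    if post_logout_redirect_uri not in REGISTERED_SIGN_OUT_URIS:
        detail = "; ".join(describe_mismatch(post_logout_redirect_uri))
        raise UnregisteredRedirect(
            f"{post_logout_redirect_uri!r} is not registered ({detail})")
    params = {
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
    }
    if state is not None:
        params["state"] = state  # echoed back on the redirect
    # urlencode percent-encodes the redirect URI so it survives as one value.
    return f"{OKTA_ISSUER}/v1/logout?{urlencode(params)}"


if __name__ == "__main__":
    # Constructed sample token value, not a real ID token.
    print(build_logout_url("SAMPLE.ID.TOKEN",
                           "http://localhost:8000/cmdb/login", state="abc"))
```

Failing locally on a mismatch gives a component-level explanation (here, "differs in path") instead of a generic error page from the identity provider.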