Hello, I’m applying OIDC authentication using the Okta React SDK for my application.
I have configured Single Logout according to the documentation so that the application is logged out together when logging out from other applications. However, even though the access token has been revoked, there is still authentication information in the local storage, so it looks like it is logged in.
To find a solution, I want to register a route that removes the local storage entries from an iframe during IdP-initiated logout, by registering a “Logout Request URL”. However, the local storage cannot be manipulated because the domains of the authentication server and the application are different (the same goes for BroadcastChannel). I don’t think the domain of the IdP and the SP can be the same.
So I was wondering what the original intent of the “Logout Request URL” was. What processing can be done in a cross-domain iframe?
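
The stale-login symptom described above can also be handled in the application's own top-level page, without any cross-domain iframe: ask the authorization server whether the stored access token is still active and drop the local copy when it is not. This is an added example, not code from the original post or from the Okta SDK. The storage key `okta-token-storage`, the JSON shape of the stored entry, the `reconcileLocalSession` helper, the introspection URL and the assumption that the server lets a public client introspect with only `client_id` are all assumptions.

```javascript
// Added example. Assumptions: tokens are stored under STORAGE_KEY as JSON
// shaped { accessToken: { accessToken: "<token>" }, ... }; introspectUrl is
// the authorization server's RFC 7662 introspection endpoint (placeholder).
const STORAGE_KEY = "okta-token-storage"; // assumed key name

async function reconcileLocalSession({ storage, fetchImpl, introspectUrl, clientId }) {
  const raw = storage.getItem(STORAGE_KEY);
  if (!raw) return "no-session";

  let token;
  try {
    token = JSON.parse(raw)?.accessToken?.accessToken;
  } catch {
    token = undefined; // corrupted entry: treat as not logged in
  }
  if (!token) {
    storage.removeItem(STORAGE_KEY);
    return "cleared";
  }

  let res;
  try {
    res = await fetchImpl(introspectUrl, {
      method: "POST",
      headers: { "Content-Type": "application/x-www-form-urlencoded" },
      body: new URLSearchParams({
        token,
        token_type_hint: "access_token",
        client_id: clientId,
      }),
    });
  } catch {
    return "unknown"; // network failure: keep state, retry later
  }
  if (!res.ok) return "unknown"; // server error is not proof of revocation

  const { active } = await res.json();
  if (active === true) return "active";
  storage.removeItem(STORAGE_KEY); // revoked or expired: drop stale local state
  return "cleared";
}
```

In a browser this would be called with `window.localStorage` and `window.fetch`, for example on page load and when the tab regains focus, so a logout performed elsewhere is noticed the next time the user returns to the application.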