Help needed on implementing OpenID LogOut request using OKTA sign in widget Skip to main content
https://support.okta.com/help/answers?id=9062a000000quasqac&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Anand MogheAnand Moghe 

Help needed on implementing OpenID LogOut request using OKTA sign in widget

I am using Authorization code workflow using OKTA sign in widget and when the OpenID connect login is successful, I set the Session cookie and redirect to my callback URL so I can process the code.

So in the back channel I get the "code" ( which I read from the query param set on the redirect URL). Fine here. I check that it is not empty and then proceed further to check cookies.

Then I check for two cookies - "okta-oauth-nonce" and "okta-oauth-state" to validate. Everything good here. 

Now my problem is I am not sure where is session cookies set ? And what is the name of the session cookie ( which I get on the front channel and then I redirect to back channel for my Authorization Code workdlow ) ???? 

OK. Another issue related to the logout request on OpenID.
As per teh documentation here (https://developer.okta.com/docs/api/resources/oidc.html#request-examples-1) ,  it says I need id_token_hint. What do you mean by this  id_token_hint ?
Is it a session cookie or nonce or sate (as above) or is it a ID token I can retrieve from /oauth2/v1/token  endpoint ? Is it the entire JSON that I get from /oauth2/v1/token ? or is it just the id_token portion of the json I receive form /oauth2/v1/token  ?

How and where am I supposed to get this id_token_hint in my  openId over Oauth2 implementation of "Authorization_code" workflow using your JavaScript OKTA SignIn widget for front channel and PHP in the back channel ?


 
Ciprian SamihaianCiprian Samihaian (Okta, Inc.)
Hi
Please see the below support link in regards to the session cookies:
https://developer.okta.com/use_cases/authentication/session_cookie
I hope that helps. 
For your other question, please open a separate case, so we can avoid confusion on the present one.
Thank you.