OpenID Connect Single Log out Skip to main content
https://support.okta.com/help/answers?id=9062a000000xzo7qag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Sam MaguraSam Magura 

OpenID Connect Single Log out

According to https://stackoverflow.com/a/42816392/752601, Okta does not yet support OpenID Connect logout. In the meantime, is there any other way that I can log a user out of Okta itself when they click the "Log out" button I have created in my OpenID Connect application?
Adrian RahauAdrian Rahau (Okta, Inc.)
Hi Sam,

This is Adrian from Okta support.
In order to trigger a "logout" in your web app, you will need to revoke the open id token to remove the user session. The session from the application would also need to be removed. If you want to delete the Okta session, you can call DELETE /api/v1/sessions/me along with the token revoke call.
There is quite a bit of useful documentation available on our Developer site, if you would like a deeper look into OAuth 2.0 and OIDC:
http://developer.okta.com/docs/api/resources/oauth2.html#openid-connect-and-authorization-servers
http://developer.okta.com/docs/api/resources/sessions.html#close-current-session

Thank You,

Adrian Rahau
Support Agent
Okta Global Customer Care
Sam MaguraSam Magura
Thank you Adrian. To call /api/v1/sessions/me, the Okta session cookie must be set in the browser.

I see that I can obtain a session cookie from the OIDC authorization endpoint ( https://developer.okta.com/use_cases/authentication/session_cookie#retrieving-a-session-cookie-via-openid-connect-authorization-endpoint ), but to do this, I need a session token. The article I just linked says that a session token is obtained through the Authorization API, but I am not using the Authorization API for my site. 

My log in flow is this: user clicks log in button on my site -> redirected to Okta login page -> redirected back to my site. How can I get the session token or session cookie under this flow? I have checked my cookies in the Chrome dev tools, and I am not seeing any cookies created by Okta for localhost:8080.

Thank you.
Istvan OpraIstvan Opra (Okta, Inc.)
Hi Sam

This is Istvan from Okta support .
To make the logout to happen in your app, you will need to cancel the open ID token for removing the users session. You also need to remove the session from the application. In order to delete the Okta session, you need to do the call DELETE /api/v1/sessions/me along with the token revoke call.
Here is some documentation available on the website : 
http://developer.okta.com/docs/api/resources/sessions.html#close-current-session
http://developer.okta.com/docs/api/resources/oauth2.html#openid-connect-and-authorization-servers