CarlaT.93227 (Customer) asked a question.
OIDC Application Logout
Hello, I'm pretty new in this area. I'm trying to implement authentication and authorization for my application using Istio, then connect istio to Okta through an adapter (https://github.com/ibm-cloud-security/app-identity-and-access-adapter/tree/development/helm/appidentityandaccessadapter).
I'm currently trying to implement the logout, but turns out logging out using jwt is trickier. I followed the documentation in here: https://developer.okta.com/docs/reference/api/oidc/*logout and I was able to logout from okta but not from my application. Is there any documentation that could help me achieve this?
Hi Carla,
The /logout authorization server endpoint requires two parameters to be sent:
- id_token_hint = an ID token that was issued to the currently logged in user using the current session
- post_logout_redirect_uri = a URL where to send the user after logging out the user in Okta, URL which needs to be added also in Okta under Admin >> Applications >> your OIDC application >> Logout Redirect URIs
There are two ways to log out the user from the application:
- call the logout method of the SDK used (or delete session manually if a method is not present) and then redirect to Okta's /logout endpoint with post_logout_redirect_uri being the URL to the login page; once the user is logged out from Okta he will arrive back on the log in page of your application
- redirect to Okta's /logout endpoint with post_logout_redirect_uri being the URL for closing the session inside the application; once the user is logged out from Okta, he will be redirected to the logout endpoint on your application's side and, from there, you can redirect him to the log in page
Dragos Gaftoneanu
Developer Support Engineer
Okta Global Customer Care