0D54z00006tbTHDCA2Okta Classic EngineSingle Sign-OnAnswered2021-04-05T06:21:11.000Z2021-03-29T19:04:37.000Z2021-04-05T06:21:11.000Z
AWS Amplify + Cognito + Okta + browser session storage - able to login even after closing browser
  1. I am using AWS Amplify, Cognito and OKTA for login and authorization
  2. I enabled single signout flow in cognito Identity Provider and uploaded certificates in OKTA. This works as expected and I am able to logout of the application with single signout flow
  3. I configured tokens to be stored in session storage rather than local storage using Amplify
  4. When I close the browser and re-open the browser and start my app, I am able to login without providing any credentials (This is the issue)
  5. Technically, session storage data is getting removed when closing the browser but OKTA session remain and it provides access to app without even asking credentials when we reopen the browser and click app again

 

Requirement is to logout the application on logout button click or browser closure as the system will be shared between the users

 

I am struck with this issue for past few days and could not able to proceed further. Any help will be appreciated.

 

Since I am using amplify, I configured cognito identity details usingamplify and did not use any cognito or OKTA npm packages.

 

Please suggest how to remove OKTA session or cookies from the application or please let know if any of the below steps are possible:

 

  1. Is it possible to invalidate OKTA session from Amplify (apart from Auth.signout())
  2. Is it possible to invalidate or remove OKTA session from cognito
  3. Any other suggestions are welcome

 


This question is closed.

Recommended content

No recommended content found...