nambi

Reputation: 86

Does Okta support OpenID Connect (OIDC) logout?

The OIDC specification states:

OPs supporting HTTP-based logout and OpenID Connect Discovery 1.0 [OpenID.Discovery] MUST provide this discovery value:

end_session_endpoint REQUIRED. URL at the OP to which an RP can perform a redirect to request that the End-User be logged out at the OP. The end_session_endpoint is used in exactly the same manner as specified in Sections 2.1 and 5 of OpenID Connect Session Management, including accepting the same query parameters as defined there in Section 5: id_token_hint, post_logout_redirect_uri, and state.

The Okta OIDC Discovery Document does not contain "end_session_endpoint".

So, upon logging out of an OIDC client application, how can the user be logged out of Okta?

Upvotes: 3

Views: 2839

Answers (2)

rdegges

Reputation: 33824

This functionality is currently planned internally @ Okta. Source: I work there =)

EDIT: More information for you! We've got an open JIRA ticket for this. We'll be getting it done in the next few months (don't quote me on this though).

Upvotes: 2

sdoxsee

Reputation: 4681

End session endpoint is not required for OpenID Connect providers. It is required if the providers also implement optional extra specs like the one you refer to. Not sure specifically what Okta implements though.

Upvotes: 2
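An added example, not part of the original thread and not Okta's code: how a relying party can check a discovery document for `end_session_endpoint`, build the logout redirect with the three parameters quoted in the question, and verify the returned `state`. The hosts `op.example.com` and `rp.example.com`, the function names, and both discovery documents are constructed for illustration.

```python
import hmac
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed discovery documents for a hypothetical OP (not real Okta output).
DISCOVERY_WITH_LOGOUT = {
    "issuer": "https://op.example.com",
    "end_session_endpoint": "https://op.example.com/logout",
}
DISCOVERY_WITHOUT_LOGOUT = {"issuer": "https://op.example.com"}


def build_logout_url(discovery, id_token, post_logout_redirect_uri, state):
    """Return the OP logout redirect URL, or None if the OP advertises no
    end_session_endpoint (the RP can then only end its own local session)."""
    endpoint = discovery.get("end_session_endpoint")
    if not endpoint:
        return None
    parts = urlsplit(endpoint)
    # Defensive check added for this example: refuse non-HTTPS or relative URLs.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("end_session_endpoint must be an absolute https URL")
    # Keep any query the OP already put on the endpoint, then add the three
    # parameters named in the quoted specification text.
    query = parse_qsl(parts.query, keep_blank_values=True) + [
        ("id_token_hint", id_token),
        ("post_logout_redirect_uri", post_logout_redirect_uri),
        ("state", state),
    ]
    return urlunsplit(parts._replace(query=urlencode(query)))


def state_matches(callback_url, expected_state):
    """Check the state echoed on the post-logout redirect in constant time."""
    returned = dict(parse_qsl(urlsplit(callback_url).query)).get("state", "")
    return hmac.compare_digest(returned.encode(), expected_state.encode())


if __name__ == "__main__":
    for doc in (DISCOVERY_WITH_LOGOUT, DISCOVERY_WITHOUT_LOGOUT):
        url = build_logout_url(doc, "eyJ.constructed.token",
                               "https://rp.example.com/signed-out", "abc123")
        print(url or "no end_session_endpoint: clear local session only; "
                     "the OP session stays active")
```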
