abagshaw

Reputation: 6582

Okta backchannel logout for OIDC

I'm wanting to incorporate an OIDC sign-in flow into my single-page webapp through an Okta app.

However, I want the session of the user that signed in through Okta in my system to be tied to their Okta session (i.e. if they log out of Okta, or they lose access to my app in Okta, they will be logged out of my webapp).

It seems that backchannel logout is the way to achieve this with OIDC. Does Okta support backchannel logout?


As a side note, it appears that some Okta apps have figured out a way to do this already. For example, if I lose access to the Slack app in Okta, my Slack account is immediately frozen... so there is some kind of communication from Okta ---> Slack in that case. Maybe they are using SAML for that?

Upvotes: 2

Views: 1283

Answers (2)

Andrea

Reputation: 61

Yeah, I'm guessing the Slack app is a SAML app. OIDC doesn't really support SSL, but you could try what hawk said and just manually delete the Okta session cookie.

Upvotes: 0

hawk

Reputation: 126

Back channel logout doesn't seem to be supported right now.

For achieving this behavior, you might have to make your app session rely on the Okta session. Your app session would be valid as long as the Okta session is valid. If the user wants to log out of the webapp, you might have to call delete /api/v1/session.

Upvotes: 3
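
The approach in hawk's answer (the app session stays valid only while the Okta session is) can be expressed as a fail-closed decision the backend makes on each request. This is an added example, not code from the thread or from Okta; it assumes the backend periodically looks up the IdP session and stores the result as a snapshot, and every name, field and status value in it is hypothetical.

```javascript
// Added example, not code from the thread. All names here are hypothetical.
// `snapshot` is what the backend last learned about the IdP session:
//   { id, userId, status, expiresAt (ms epoch), checkedAt (ms epoch) }
// `null` means the IdP reported that the session no longer exists.
// `undefined` means the backend has not looked it up yet.

const MAX_SNAPSHOT_AGE_MS = 60 * 1000; // assumed policy: re-ask the IdP at least once a minute

function evaluateAppSession(appSession, snapshot, now) {
  // The IdP session is gone (user logged out there, or it was revoked): end ours too.
  if (snapshot === null) return { action: 'revoke', reason: 'idp_session_missing' };

  // Never checked, or the answer is too old to trust: ask again before serving.
  if (!snapshot || now - snapshot.checkedAt > MAX_SNAPSHOT_AGE_MS) {
    return { action: 'recheck', reason: 'snapshot_stale' };
  }
  // The snapshot must describe the session and user bound at sign-in.
  if (snapshot.id !== appSession.idpSessionId || snapshot.userId !== appSession.userId) {
    return { action: 'revoke', reason: 'binding_mismatch' };
  }
  if (snapshot.status !== 'ACTIVE') return { action: 'revoke', reason: 'idp_session_inactive' };
  if (snapshot.expiresAt <= now) return { action: 'revoke', reason: 'idp_session_expired' };
  return { action: 'allow', reason: 'idp_session_active' };
}

// Constructed sample data (not from the thread).
const T0 = 1700000000000;
const appSession = { userId: 'user-1', idpSessionId: 'idp-sess-1' };
const active = {
  id: 'idp-sess-1', userId: 'user-1', status: 'ACTIVE',
  expiresAt: T0 + 3600000, checkedAt: T0,
};

function demoDecisions() {
  return [
    evaluateAppSession(appSession, active, T0 + 5000),    // fresh and active
    evaluateAppSession(appSession, active, T0 + 120000),  // snapshot too old
    evaluateAppSession(appSession, null, T0 + 5000),      // logged out at the IdP
    evaluateAppSession(appSession, { ...active, id: 'other' }, T0 + 5000), // different IdP session
  ].map((d) => d.action);
}

console.log(demoDecisions());
```

The snapshot age bounds how long the webapp session can outlive the IdP session, so the recheck interval is the setting to tune.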
