okta / okta-oidc-android

OIDC SDK for Android
https://github.com/okta/okta-oidc-android

Error in Chrome Custom Tab while doing logout #269

Closed RahulChandrabhan closed 2 years ago

RahulChandrabhan commented 2 years ago

Whenever I try to log out I get this error in the Custom Tab: `{"errorCode":"invalid_client","errorSummary":"A client_id must be provided in the request.","errorLink":"invalid_client","errorId":"oaeAkuQQojCRDSy0jFWb2nQSw","errorCauses":[]}`

I am using this to log the user out of my Android application:

```java
webAuthClient.signOutOfOkta(this);
```

I don't have any problem doing SignIn, but when it comes to SignOut I get the mentioned error. I am using the token and authorise endpoints from the metadata of my discovery URL, but my logout URL is different and it is not mentioned in the discovery URL. Is this the cause of this error?

JayNewstrom commented 2 years ago

Hi @RahulChandrabhan, could you provide a little more info? Could you show your configuration code? Are you able to reproduce this in our sample app with your configuration?

RahulChandrabhan commented 2 years ago

> Hi @RahulChandrabhan, could you provide a little more info? Could you show your configuration code? Are you able to reproduce this in our sample app with your configuration?

No, I am not getting this on the sample app. I am sharing some code which can provide a little info.

OIDC Config

```java
new OIDCConfig.Builder()
        .clientId("client id")
        .redirectUri("app:/callback")
        .endSessionRedirectUri("app:/logout")
        .scopes("openid", "profile")
        .customConfiguration(createCustomConfig())
        .create();
```

Custom Configuration

```java
new CustomConfiguration.Builder()
        .tokenEndpoint("https://---------------------v2/token")
        .authorizationEndpoint("https://----------------------v2/authorize")
        .endSessionEndpoint("https://----------------------------------/v1/logout")
        .create();
```

In the above, the token endpoint and authorization endpoint are taken from the discovery URL metadata, but the end session endpoint is different: it is not taken from the discovery URL metadata, as it is not available there.

WebAuthClient

```java
new Okta.WebAuthBuilder()
        .withConfig(createOIDCConfig())
        .withContext(context)
        .withStorage(new SharedPreferenceStorage(context))
        .withCallbackExecutor(Executors.newSingleThreadExecutor())
        .withTabColor(Color.BLUE)
        .setRequireHardwareBackedKeyStore(false)
        .withEncryptionManager(new DefaultEncryptionManager(context))
        .supportedBrowsers("com.android.chrome", "org.mozilla.firefox")
        .create();
```

Sorry for my code formatting

JayNewstrom commented 2 years ago

I'm not able to recreate this. I created a custom authorization server, added an access policy, and I'm able to log in and log out.

Could you give more information about your Okta authorization server setup? Or provide minimal steps to reproduce?

RahulChandrabhan commented 2 years ago

> I'm not able to recreate this. I created a custom authorization server, added an access policy, and I'm able to log in and log out.
>
> Could you give more information about your Okta authorization server setup? Or provide minimal steps to reproduce?

I want to ask something. We are using a staging URL which redirects to another site, e.g. www.apistaging.com will redirect to www.finalsite.com. The token and authorize endpoints are taken from the discovery URL, but the end session endpoint is not available in the discovery URL and it is taken directly. I don't have that much access from the config server, as this whole thing belongs to a client. Is this error occurring because I am using a logout URL which is not related to the staging environment? Is there a way to log out (clearing the browser session and revoking tokens) without using the Okta SDK method?

Sorry maybe I am not able to explain in a proper manner.

JayNewstrom commented 2 years ago

The oidc-sdk provides a few functions, one which clears the browser session, and redirects back to the app, and one which revokes the tokens. These are separate SDK methods. If all you'd like to do is revoke tokens, you might have better luck with that SDK method. That being said, we're not doing anything special in the SDK, you can do all of these things by calling the API/browser redirect yourself, we just built the SDK to do it for you.

If your question is stemming more from a configuration issue than an SDK one, it's best to reach out to our support team. https://support.okta.com/help/s/opencase
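The two operations named in the comment above (the browser logout redirect and the token revocation call), built by hand as an added example that is not part of the thread or the SDK. It is plain Java 11+; the class and method names are hypothetical, the endpoints are caller-supplied because the thread elides them, and the parameter names come from OIDC RP-Initiated Logout 1.0 and RFC 7009.

```java
import static java.nio.charset.StandardCharsets.UTF_8;
import java.net.URI;
import java.net.URLEncoder;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.*;

public class ManualSignOut { // hypothetical helper, not an SDK class
    static String form(Map<String, String> params) { // percent-encode names and values
        StringJoiner j = new StringJoiner("&");
        params.forEach((k, v) -> j.add(URLEncoder.encode(k, UTF_8) + "=" + URLEncoder.encode(v, UTF_8)));
        return j.toString();
    }

    static String newState() { // unguessable value the server echoes on the logout redirect
        byte[] b = new byte[16];
        new SecureRandom().nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Browser redirect that ends the session (OIDC RP-Initiated Logout parameters).
    static URI endSessionUri(String endpoint, String idToken, String redirect, String state) {
        if (idToken == null || idToken.isEmpty()) throw new IllegalStateException("id_token_hint missing");
        Map<String, String> p = new LinkedHashMap<>();
        p.put("id_token_hint", idToken); // this example always sends the stored ID token
        p.put("post_logout_redirect_uri", redirect);
        p.put("state", state);
        return URI.create(endpoint + "?" + form(p));
    }

    static String revocationBody(String clientId, String token, String typeHint) { // RFC 7009 POST body
        Map<String, String> p = new LinkedHashMap<>();
        p.put("client_id", clientId); // public (mobile) client: no client secret
        p.put("token", token);
        p.put("token_type_hint", typeHint); // "access_token" or "refresh_token"
        return form(p);
    }

    // Accept the logout callback only if it targets our URI and echoes our state.
    static boolean isExpectedCallback(URI callback, String redirect, String state) {
        URI r = URI.create(redirect);
        if (callback.getQuery() == null || !r.getScheme().equals(callback.getScheme())
                || !r.getPath().equals(callback.getPath())) return false;
        for (String kv : callback.getQuery().split("&"))
            if (kv.startsWith("state="))
                return MessageDigest.isEqual(kv.substring(6).getBytes(UTF_8), state.getBytes(UTF_8));
        return false;
    }
}
```

Keep the value from `newState()` until the `app:/logout` callback arrives and pass it to `isExpectedCallback`; send `revocationBody` as an `application/x-www-form-urlencoded` POST to the revocation endpoint.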

RahulChandrabhan commented 2 years ago

> The oidc-sdk provides a few functions, one which clears the browser session, and redirects back to the app, and one which revokes the tokens. These are separate SDK methods. If all you'd like to do is revoke tokens, you might have better luck with that SDK method. That being said, we're not doing anything special in the SDK, you can do all of these things by calling the API/browser redirect yourself, we just built the SDK to do it for you.
>
> If your question is stemming more from a configuration issue than an SDK one, it's best to reach out to our support team. https://support.okta.com/help/s/opencase

So I can use SDK methods to sign out the user, and I can also directly call URLs to log out the user?

JayNewstrom commented 2 years ago

Our revoke tokens sdk method is documented here: https://github.com/okta/okta-oidc-android#Revoking-a-Token

Our raw API is documented here: https://developer.okta.com/docs/reference/api/oidc/

RahulChandrabhan commented 2 years ago

> Our revoke tokens sdk method is documented here: https://github.com/okta/okta-oidc-android#Revoking-a-Token
>
> Our raw API is documented here: https://developer.okta.com/docs/reference/api/oidc/

Thank You For Your Support