Closed satyajitvure91 closed 2 years ago
Hi @satyajitvure91 It looks like you've gotten into a bad state. We validate that the ID token is present when sending the logout request (before it goes to the browser) see https://github.com/okta/okta-oidc-android/blob/a5458d27010235cabf7d7b8269be604ba5330b86/library/src/main/java/com/okta/oidc/net/request/web/LogoutRequest.java#L103.
However, I'm not able to recreate this locally. How did you get into this state? If you create app data and log in/log out are you able to recreate it?
Interesting. I have logged the user in one fragment and trying to logout in another fragment. I'm using DI to inject the webAuthClient. Also I'm using only "offline_access" scope in the configurations. I tried retrieving the id token and it returned null but I'm still able to receive the refresh token before calling signOutOfOkta.
Can you try using the openid
scope as well as offline_access
?
Now I'm getting the id token but I'm running into this issue. I have added the "end_session_redirect_uri" parameter in my config.json file.
Looks like your this issue link isn't working.
Sorry about that. I have updated the above comment and attached the issue link.
Okta SDK Version 1.1.0
I'm trying to log user out and this is what I'm getting from the SDK. W/SyncWebAuthClientImpl: Failed to clear session AuthorizationException: {"type":0,"code":0,"errorDescription":"id_token_hint missing"} This is what I'm doing on logout.
if(webAuthClient.sessionClient.isAuthenticated){ activity?.let { webAuthClient.signOutOfOkta(it) }
Where do I provide the id_token_hint value? Am I missing something here?