okta / okta-react

Okta OIDC SDK for React
https://github.com/okta/okta-react

Issue with User Session Continuity After Logout from Okta Dashboard #278

Closed phani1585 closed 6 months ago

phani1585 commented 6 months ago

Describe the bug

If the user logs out from the Okta dashboard, it should ideally terminate the session and not allow continued access to the application. However, if the application is still allowing access after the user logs out from Okta

How can I know that the user logged out from the dashboard?

Reproduction Steps?

No specific

SDK Versions

"@okta/okta-auth-js": "^7.5.0",
"@okta/okta-react": "^6.7.0",

Additional Information

No response

jaredperreault-okta commented 6 months ago

Assuming you're using OIDC to protect your application, your application's tokens are independent of the Okta session (the session you've established by logging into the Okta Dashboard). I believe the feature you're looking for is Single Logout.

If you have further questions about Single Logout, you can reach out to Support.

phani1585 commented 6 months ago

I followed the setup instructions outlined in the documentation. However, despite the user signing out from the dashboard, the route http://localhost:3000/slo/logout?iss=https%3A%2F%2Fmaindomain.okta.com&sid=13489e7245894249idd is called successfully. I can see my app still continuing the session; I'm puzzled as to why the Okta SDK isn't recognizing this call to execute the code responsible for ending the Okta session and rendering the expected component.

```jsx
import { useOktaAuth } from "@okta/okta-react";
import React, { useEffect } from "react";
import { useAppDispatch } from "../../redux/redux-hooks";
import { resetUser } from "../../redux/userSlice";
import { clearDataFromLocalStorage } from "../../utils/persistentData";

const LogoutPage = () => {
  const dispatch = useAppDispatch();
  const { oktaAuth } = useOktaAuth();

  useEffect(() => {
    const endUserSession = async () => {
      // Revoke the app's tokens at Okta, then drop them from local storage
      await oktaAuth.revokeAccessToken();
      await oktaAuth.revokeRefreshToken();
      oktaAuth.tokenManager.clear();
      // Clear application-side user state
      dispatch(resetUser());
      clearDataFromLocalStorage();
    };
    endUserSession();
  }, []);

  return <></>;
};

export default LogoutPage;
```
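As an added illustration (not code from okta-react or from this thread), the following shows what an app-side handler for the front-channel Single Logout request seen above, `/slo/logout?iss=<issuer>&sid=<Okta session id>`, should check before running the same cleanup the LogoutPage performs: that the request names the issuer this app trusts, and optionally that the `sid` matches the session the app recorded at login. `EXPECTED_ISSUER`, `opts.knownSid` and the shape of the `oktaAuth` object are assumptions for the demo; `revokeAccessToken`, `revokeRefreshToken` and `tokenManager.clear` are the real @okta/okta-auth-js methods used in the thread.

```javascript
// Added example, not from okta-react or this thread. Handles a front-channel
// Single Logout request (/slo/logout?iss=...&sid=...) defensively: validate the
// issuer (and, if known, the session id) before clearing local tokens.
// EXPECTED_ISSUER is taken from the thread's example URL and is an assumption.
const EXPECTED_ISSUER = "https://maindomain.okta.com";

const stripSlash = (s) => s.replace(/\/+$/, "");

// Parse the SLO request URL and check it names the trusted issuer.
// Returns { ok, sid, reason }.
function parseSloLogoutRequest(requestUrl, expectedIssuer = EXPECTED_ISSUER) {
  let url;
  try {
    url = new URL(requestUrl, "http://localhost"); // base lets "/slo/logout?..." parse
  } catch {
    return { ok: false, sid: null, reason: "malformed URL" };
  }
  const iss = url.searchParams.get("iss"); // URLSearchParams decodes %3A%2F%2F
  const sid = url.searchParams.get("sid");
  if (!iss || !sid) return { ok: false, sid: null, reason: "missing iss or sid" };
  if (stripSlash(iss) !== stripSlash(expectedIssuer)) {
    return { ok: false, sid: null, reason: "issuer mismatch" };
  }
  return { ok: true, sid, reason: null };
}

// Run the same cleanup sequence as the thread's LogoutPage, but only for a
// valid request and, when the app recorded its own Okta session id at login
// (opts.knownSid, an assumed field), only when the request refers to it.
// Returns { loggedOut, reason, steps } so the caller can log what happened.
async function handleSloLogout(requestUrl, oktaAuth, opts = {}) {
  const parsed = parseSloLogoutRequest(requestUrl, opts.expectedIssuer);
  if (!parsed.ok) return { loggedOut: false, reason: parsed.reason, steps: [] };
  if (opts.knownSid && opts.knownSid !== parsed.sid) {
    return { loggedOut: false, reason: "sid mismatch", steps: [] };
  }
  const steps = [];
  // A failed revocation call must not prevent the local token cleanup.
  for (const [name, fn] of [
    ["revokeAccessToken", () => oktaAuth.revokeAccessToken()],
    ["revokeRefreshToken", () => oktaAuth.revokeRefreshToken()],
  ]) {
    try { await fn(); steps.push(name); } catch { steps.push(`${name}:failed`); }
  }
  oktaAuth.tokenManager.clear();
  steps.push("tokenManager.clear");
  return { loggedOut: true, reason: null, steps };
}
```

In a React app this handler would be invoked from the component mounted on the `/slo/logout` route, with `window.location.href` as `requestUrl` and the `oktaAuth` instance from `useOktaAuth()`.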

jaredperreault-okta commented 6 months ago

I'm not sure I follow, is the code in the snippet not working?