okta / okta-vue

OIDC SDK for Vue
https://github.com/okta/okta-vue

414 URI Too Long Returned Calling signOut From Vue 3 SPA Application #113

Closed stuconnall closed 1 year ago

stuconnall commented 1 year ago

Describe the bug?

Not sure if this is a bug per se, but I have encountered the 414 HTTP code from the Okta SPA sample application when the Logout functionality is executed. It is most likely an npm server issue which I do not know how to resolve. The problem is occurring when the okta-auth-js signOut() issues the /logout API call passing the id_token_hint, which is nearly 18K in length. Is there any known resolution to get around this using the npm run option? It seems that the npm server doesn't like the length of the logout URL that is built in the signOut() function.

What is expected to happen?

The Okta /logout API is accepted and the user is successfully signed out of the SPA application.

What is the actual behavior?

A 414 URI Too Long is returned and the /logout doesn't complete. The Okta keys in localStorage are deleted but the session remains open because the logout didn't make it to the Okta server.

Reproduction Steps?

Build and run the okta-hosted-login SPA application in a local environment.

https://github.com/okta/samples-js-vue/tree/master/okta-hosted-login

SDK Versions

@okta/okta-auth-js: version 7.0.1
@okta/okta-vue: version 5.5.0

Execution Environment

Windows 10
npm: 8.1.2
node: 16.13.2
All browsers - latest versions: Chrome, Edge, Firefox

Running locally with npm run dev command

Additional Information?

No response

denysoblohin-okta commented 1 year ago

Why does id_token_hint have such a big length, 18K? Is it a valid ID token?

stuconnall commented 1 year ago

The ID token is stored in the okta-token-storage by the SDK and then retrieved and added to the logout URL in the id_token_hint parameter. It appears to be the full ID token, which is 17,735 characters. How long should it be? Should the hint be just a portion of the full token?

jaredperreault-okta commented 1 year ago

Duplicate of https://github.com/okta/okta-auth-js/issues/1346

Internal Ref: OKTA-551961
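
Added example, not part of the original thread and not code from okta-auth-js or okta-vue: a Node.js diagnostic for the question raised above about why the id_token_hint is so long. It decodes the ID token payload without verifying it, ranks the claims by serialized size, and computes the length of the logout URL that would carry the token. The token, its `groups` claim, the endpoint and the redirect URI are constructed placeholders; the thread does not say which claim makes the token large.

```javascript
// Added diagnostic example; all sample values below are constructed.
const b64url = (s) => Buffer.from(s).toString('base64url');

// Decode the payload (middle segment) of a compact JWT WITHOUT verifying it.
// For size inspection only; never use this to decide whether to trust a token.
function decodePayload(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('expected 3 dot-separated segments');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Serialized JSON size of each claim in bytes, largest first.
function claimSizes(jwt) {
  return Object.entries(decodePayload(jwt))
    .map(([claim, value]) => ({ claim, bytes: Buffer.byteLength(JSON.stringify(value)) }))
    .sort((a, b) => b.bytes - a.bytes);
}

// Length of a logout URL that passes the token as id_token_hint.
function logoutUrlLength(logoutEndpoint, jwt, postLogoutRedirectUri) {
  const url = new URL(logoutEndpoint);
  url.searchParams.set('id_token_hint', jwt);
  url.searchParams.set('post_logout_redirect_uri', postLogoutRedirectUri);
  return url.toString().length;
}

// Constructed token: 600 made-up group names and a filler signature.
// Assumption for illustration: a large multi-valued claim inflates the token.
function makeSampleToken() {
  const header = b64url(JSON.stringify({ alg: 'RS256', kid: 'constructed' }));
  const groups = Array.from({ length: 600 },
    (_, i) => `constructed-group-${String(i).padStart(4, '0')}`);
  const payload = b64url(JSON.stringify({
    sub: '00u-constructed', aud: 'constructed-client', groups,
  }));
  return `${header}.${payload}.${'A'.repeat(342)}`;
}

const sample = makeSampleToken();
// Placeholder endpoint and redirect URI, not values from the thread.
const urlLen = logoutUrlLength(
  'https://idp.example/oauth2/default/v1/logout', sample, 'http://localhost:8080/');
console.log('token length:', sample.length, 'logout URL length:', urlLen);
for (const { claim, bytes } of claimSizes(sample).slice(0, 3)) {
  console.log(`${claim}: ${bytes} bytes`);
}
```

To inspect a real token, pass the ID token string from the browser's token storage to `claimSizes` in place of `sample`, on a machine where handling that token is acceptable.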