You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The .signOut() method is responsible for closing a session, and clearing access and ID tokens. The signOut method takes the following options:
postLogoutRedirectUri - Setting a value will override the postLogoutRedirectUri configured on the SDK.
state - An optional value, used along with postLogoutRedirectUri. If set, this value will be returned as a query parameter during the redirect to the postLogoutRedirectUri
When the user is signed in, calling the signOut method works as expected, the user is redirected to the postLogoutRedirectUri with the state string as a query parameter.
When the user is not signed in, the signOut method ignores the state string, and redirects the user to the postLogoutRedirectUri with no query parameter.
Whats Expected
According to the documentation, the .signOut method requires a valid ID token:
Requires a valid ID token. If an ID token is not available, signOut will fallback to using the XHR-based closeSession method. This method may fail to sign the user out if 3rd-party cookies have been blocked by the browser.
In this scenario, the user is signed out, and the idToken has already been cleared from token storage, hence the sdk should fallback to using the closeSession method.
It is also documented, that if this fallback happens, we should expect signOut to return a promise with the result of closeSession:
If a fallback to closeSession is used, signOut() returns a promise that resolves with the result of closeSession (true if an existing Okta session have been closed or false if a session does not exist or has already been closed). Otherwise a promise resolves with true.
constsignOut=async()=>{try{constresult=awaitauthClient.signOut({state: "OktaSignoutState",postLogoutRedirectUri: window.location.origin});// If user is signed out signout should return false// https://github.com/okta/okta-auth-js#signoutconsole.log({ result });}catch(e){console.warn("Signout Failed and threw error");console.warn(e);}};
The result value is always undefined, right before the page is redirected back to the postLogoutRedirectUri.
You can use the test user for this client: [email protected] / Github123!
SDK Versions
@okta/okta-auth-js: 7.2.0
Additional Information?
No response
The text was updated successfully, but these errors were encountered:
@pljeskavica Have you tested the return value of signOut in a local environment? I can see in the sandbox it returns undefined, but in a local test app it is correctly resolving false
Describe the bug
Bug Description
The .signOut() method is responsible for closing a session, and clearing access and ID tokens. The signOut method takes the following options:
When the user is signed in, calling the signOut method works as expected, the user is redirected to the
postLogoutRedirectUri
with the state string as a query parameter.When the user is not signed in, the signOut method ignores the state string, and redirects the user to the
postLogoutRedirectUri
with no query parameter.Whats Expected
According to the documentation, the .signOut method requires a valid ID token:
In this scenario, the user is signed out, and the idToken has already been cleared from token storage, hence the sdk should fallback to using the closeSession method.
It is also documented, that if this fallback happens, we should expect signOut to return a promise with the result of closeSession:
Reproduction Steps?
I have created a code sandbox with a working example: https://codesandbox.io/s/charming-snyder-z8x5vv?file=/src/App.tsx
Signout Code:
The
result
value is always undefined, right before the page is redirected back to thepostLogoutRedirectUri
.You can use the test user for this client: [email protected] /
Github123!
SDK Versions
@okta/okta-auth-js: 7.2.0
Additional Information?
No response
The text was updated successfully, but these errors were encountered: