Releases: omniauth/omniauth-okta
Releases · omniauth/omniauth-okta
v2.0.0
When implementing logout flow for Okta, you need to pass the id_token as a parameter for the logout route. This token is provided in the access token response, as long as you have requested the openid
scope for the user. See Okta docs. Prior to 2.0, the id_token
set in the extra hash was mistakenly set to the access token.
While this was unintended functionality, we are bumping major version to ensure that anyone who may have relied on that incorrect behavior does not experience a breaking change.
Thanks to @amichal and @ryanswood via #17 and #24.