When implementing logout flow for Okta, you need to pass the id_token as a parameter for the logout route. This token is provided in the access token response, as long as you have requested the openid scope for the user. See Okta docs. Prior to 2.0, the id_token set in the extra hash was mistakenly set to the access token.
While this was unintended functionality, we are bumping major version to ensure that anyone who may have relied on that incorrect behavior does not experience a breaking change.
Thanks to @amichal and @ryanswood via #17 and #24.
Contributors
amichal and ryanswood