Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

okta logout fails #25

Closed
Yasinjama opened this issue Mar 1, 2018 · 16 comments
Closed

okta logout fails #25

Yasinjama opened this issue Mar 1, 2018 · 16 comments
Assignees
@swiftone

Comments

@Yasinjama
Copy link

I pulled the sample applications project, tried out the okta-hosted-login. I was able to login successfully, but when I clicked on the logout button it doesn't log me out.

Unhandled Rejection (AuthApiError): Not found: Resource not found: me (Session).

It seems to be failing on the /api/v1/session/me call to destroy the session, the session is not found.

I was not getting this logout issue before.
@Yasinjama Yasinjama changed the title okta logout is fails okta logout fails Mar 1, 2018
@robertjd
Copy link
Contributor

robertjd commented Mar 2, 2018

Hi @Yasinjama , are you seeing a 404 when the library tries to make the DELETE call to /api/v1/session/me ?

@Yasinjama
Copy link
Author

Yes, that is correct.

@jakehockey10
Copy link

Any further news on this? I'm using the angular package and seeing this when I log out of IE 11. Works fine on other browsers. I would really like to know how to diagnose this...

@Sara3
Copy link

Sara3 commented May 14, 2018
edited
Loading

When trying to log out (this.props.auth.logout()), if the session has expired or deleted. We get a 404 error on this call.

DELETE {{org.url}}/api/v1/sessions/me 404 (Not Found)
And here is the stack-trace I can see on browser console -

asyncToGenerator.js:20 Uncaught (in promise) AuthApiError {name: "AuthApiError", message: "Not found: Resource not found: me (Session)", errorSummary: "Not found: Resource not found: me (Session)", errorCode: "E0000007", errorLink: "E0000007", ...}
step @ asyncToGenerator.js:20
(anonymous) @ asyncToGenerator.js:30
Promise.then (async)
step @ asyncToGenerator.js:27

It gives an error instead of redirecting. Is this the same problem you are facing @jakehockey10 @Yasinjama ?

@Yasinjama
Copy link
Author

@Sara3 Yea that's the same problem I am facing. I had to find a work around for this by calling okta ${baseUrl}/v1/logout https://developer.okta.com/docs/api/resources/oidc#logout.

@scienced
Copy link

I'm getting the same error (as @Sara3) using the okta code for VUE, any updates on how to fix this?

@Sara3 Sara3 mentioned this issue May 29, 2018
Open
@Sara3
Copy link

Sara3 commented May 29, 2018
edited
Loading

@scienced I just did a PR.
In Navbar.jsx I added a promise in "async logout()". It catches the error and redirects back to the login page. Here how my function will look like:

async logout() {
    let loginRedirect = this.login
    // Redirect to '/' after logout
    //if session is active
    this.props.auth.logout('/')
    .then(function (out){
      console.log("session is deleted");
    })
    .catch(function (error) {
      //if session is inactive
      loginRedirect();
    })
  }

@rodoabad
Copy link

@Sara3 I don't think that's the correct solution. You're pretty much going back to the user login if the user wanted to logout and be directed somewhere else (if possible).

@CosmicBara
Copy link

Any updates on this? I'm also experiencing this issue.

@rodoabad
Copy link

cc @manueltanzi-okta for visibility!

@bjrosas
Copy link

bjrosas commented Nov 13, 2018

I am using vue and the sign in widget. I am also getting a 404 when accessing /api/v1/sessions/me when attempting to log out:

errorCode: "E0000007"
errorId: "oae-K6ey5u8RfK7nSpcwsV06A"
errorLink: "E0000007"
errorSummary: "Not found: Resource not found: me (Session)"
message: "Not found: Resource not found: me (Session)"
name: "AuthApiError"

@amputek
Copy link

amputek commented Feb 4, 2019

+1. This is still an issue..
this.$auth.logout() fails.

DELETE https://xxxxxxx.oktapreview.com/api/v1/sessions/me 404

errorCauses: []
errorCode: "E0000007"
errorId: "oae1WrE7cYRSk67HDn6dGBuoQ"
errorLink: "E0000007"
errorSummary: "Not found: Resource not found: me (Session)"
message: "Not found: Resource not found: me (Session)"
name: "AuthApiError"

@swiftone
Copy link
Contributor

swiftone commented Feb 5, 2019

We're reviewing the samples to make sure they are up to date with all changes, but it will take some time to get through all of them.

@jptacek
Copy link

jptacek commented Mar 27, 2019

I believe the issue is due to blocking third party cookies. If I run the code as identified above, I am seeing the 404 error highlighted above. In Chrome (my daily driver) I block Third Party Cookies and have the issue. I tried running with Safari and it worked. Hopped back into Chrome and disabled blocking of third party cookies (aka back to default Chrome behavior) and it worked. Blocked them again and we are back to error.

Not sure if there are other issues with this too. Now I a bit stumped about what to do next. I am a bit of an edge case I assume, but for sure not the only one.

@jptacek jptacek mentioned this issue Mar 27, 2019
Closed
@swiftone swiftone self-assigned this Mar 29, 2019
@swiftone
Copy link
Contributor

@jptacek - you are not the only one, but this is an edge case. We're still gathering details so I don't want to give you incomplete information. However it definitely is connected to 3rd party cookies (because Okta is 3rd party)

@swiftone
Copy link
Contributor

This is the same root cause as okta/okta-oidc-js#200 ( as identified by @jptacek , thanks!) - closing this issue to track it all there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@swiftone swiftone

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests