Issue with logout when using id token hint in ory Hydra (2.x) #3820
Labels
bug
Something is not working.
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Preflight checklist
Ory Network Project
No response
Describe the bug
We have a web based application on which multiple links perform oauth2 login with hydra and use cookie to avoid login screen again (single sign on).
During every login from each link, single session cookie is getting updated.
We enforce logout on main web based application and not on all links (that perform oauth2 login)
Eventually, when we perform logout from any client (we pass id token hint and post logout url), we want that cookie to be cleared and perform redirect to the main application (on which logout was called)
Expected Behavior:
Remove session cookie and redirect to the client.
Actual Behavior:
When using logout, it does not remove the cookie as that was replaced by the other client.
Note that if we dont use id token hint, it removes the cookie correctly, but then it cannot redirect back to the client as post logout url cannot be passed in the logout flow without id token hint
If we use id token hint, it does not clear cookie in all scenario, but redirect to the client as per post logout url works correctly.Has anyone faced this issue?
Any workaround with this?
Appreciate your help!
Reproducing the bug
mentioned in description
Relevant log output
No response
Relevant configuration
No response
Version
hydra 2.x
On which operating system are you observing this issue?
None
In which environment are you deploying?
None
Additional Context
No response
The text was updated successfully, but these errors were encountered: