Last Updated: Nov 13, 2024
Overview
When logging out of an application, an invalid_request error is thrown even though the URL value in the “returnTo” is already part of the Allowed Logout URLs in the application.
The error message takes this form:
invalid_request: The “returnTo” querystring parameter “https://login.example.com” is not defined as a valid URL in “Allowed Logout URLs”.
Applies To
- Logout
- Invalid Request
- Logout Error
Cause
The client ID was not explicitly given in the application code. As a result, the /logout endpoint could not determine which application the user was attempting to log out from.
Solution
The issue can be fixed by including the client_id parameter in the string, as shown here:
https://YOUR_DOMAIN/v2/logout?returnTo=http%3A%2F%2Flocalhost%3A85&client_id=*YOUR_CLIENT_ID*