Redirect users after logout

Problem Statement

We are getting an invalid error request when logging out even though the URL value in the “returnTo” is already part of the Allowed Logout URLs in the application.

Symptoms

  • invalid_request: The "returnTo" querystring parameter "[https://YOUR_URL"](https://YOUR_URL)" is not defined as a valid URL in "Allowed Logout URLs".

Steps to Reproduce

  1. Make a GET request to https://YOUR_DOMAIN/v2/logout?redirectTo={DESIRED_URL}

Cause

The client ID was not explicit, so the logout endpoint can’t check from which application you are trying to log out and consequently couldn’t know if the URL is valid or not because it is different for each application.

Solution

The recommended solution is to include the client_id parameter in the logout request.

For example:
https://YOUR_DOMAIN/v2/logout?returnTo=http%3A%2F%2Flocalhost%3A85&client_id=YOUR_CLIENT_ID

Reference Materials