By using AWS re:Post, you agree to the Terms of Use

Is Cognito OAuth Logout 'state' param supported?

0

Hi there,

Try to achieve cognito oauth logout using state parameter as stated on the last example of the call documentation but not getting it injected on the redirect URL.

I see that on the documentation, state is not listed as it's on the login route, however, it's shown on the Example#2, leading to a might support thinking on my side.

  • Is this really not supported on the logout?
  • How we would carry state values on the logout actions? I see that some oauth implementations does support state on their logouts.
  • I don't see state being specified on the OAuth@v2 RFC, thus is the reason why state is not implemented on logout. https://datatracker.ietf.org/doc/html/rfc7009#section-2.1