I have a React app which uses Amplify to do authentication against Cognito users pools. We've just added Okta integration which I have got working using OIDC. You can log into Okta and are then authenticated against our app. The issue I have is that when the users logs out of Okta, they still have access to the app as we're using tokens. Whenever the user goes to the app, they get valid access/id tokens and even on refresh they're still granted valid tokens. I absolutley cannot initiate Log Out from the app (SP side). Perhaps I'm not understanding the auth flow when using OIDC, but it seems puzzling that this is not part of the OIDC setup in Okta - you define a Sign In endpoint, but as far as I can tell the Sign Out end point is only used when teh app is initiating Logout(?)
AWS 官方已更新 1 年前