We are using this plugin with our Kong setup. Okta is acting as the OP/IdP for the OIDC setup. The configuration works fine for login activity: redirection to Okta takes place, authentication happens, and a session is established at the Kong OIDC plugin.
However, regarding logout, we are seeing that even after logout from Okta, Kong still maintains the session and redirects to Okta only after one hour, which is the current access token lifetime by Okta.
According to Okta, the access tokens should be revoked as soon as we log out from Okta.
Does this mean that this plugin validates the access token from Okta only after the token expiry time? And before that, it doesn't know that the token has been revoked and continues the session?
Regards,
Jahanzaib
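The behaviour asked about above, as an added example that is not part of the original issue and is not the plugin's code: a constructed model contrasting a gateway session that only checks the cached token's expiry with one that asks the OP through RFC 7662-style token introspection. `MockIdP`, `GatewaySession`, the token value and the timestamps are all hypothetical; which of the two strategies the plugin uses is not established on this page.

```python
class MockIdP:
    """Constructed stand-in for an OpenID Provider (not Okta's API)."""

    def __init__(self):
        self._tokens = {}      # token -> expiry (epoch seconds)
        self._revoked = set()  # tokens revoked by an OP-side logout

    def issue(self, token, lifetime_s, now):
        self._tokens[token] = now + lifetime_s

    def logout(self, token):
        # OP-side logout: revocation is recorded at the provider only.
        self._revoked.add(token)

    def introspect(self, token, now):
        # RFC 7662-style response: "active" is false once revoked or expired.
        exp = self._tokens.get(token)
        active = exp is not None and now < exp and token not in self._revoked
        return {"active": active}


class GatewaySession:
    """Hypothetical gateway-side session caching a token and its expiry."""

    def __init__(self, token, exp):
        self.token, self.exp = token, exp

    def valid_local(self, now):
        # Expiry check only: no call to the OP, so revocation is invisible.
        return now < self.exp

    def valid_introspected(self, idp, now):
        # Ask the OP on every check: revocation takes effect immediately.
        return now < self.exp and idp.introspect(self.token, now)["active"]


def simulate():
    t0 = 1_000_000                          # constructed start time
    idp = MockIdP()
    idp.issue("tok-constructed", 3600, t0)  # one-hour lifetime, as in the report
    sess = GatewaySession("tok-constructed", t0 + 3600)
    idp.logout("tok-constructed")           # user logs out at the OP
    return {
        "local_after_logout": sess.valid_local(t0 + 60),
        "introspected_after_logout": sess.valid_introspected(idp, t0 + 60),
        "local_after_expiry": sess.valid_local(t0 + 3601),
    }
```

In this model the expiry-only check keeps the session alive until the one-hour lifetime ends, which matches the symptom reported above, while the introspecting check ends it on the first request after logout.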