important-grass-29919
11/06/2023, 8:22 AM
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Logout failed because query parameter id_token_hint is missing sid claim. I parsed my id-token (the one sent as id_token_hint), and the sid-claim wasn't present. But logging in again yields a sid-claim. What can cause the sid-claim to not be present in an id-token?

magnificent-energy-493
The sid claim in the ID token is used as a parameter in the ID Token and in OIDC Front-/Back-channel logout. Its value can generally be used to associate consecutive login requests by a certain user. If it’s missing, it could be due to a variety of reasons, such as an issue with the authentication session or a problem with the token generation process.
In the context of Ory, the sid claim should be present in the ID token. If it’s not, it could be a bug or a misconfiguration. It’s also possible that the sid claim is not being correctly passed in the id_token_hint during the logout request.
If you’re using Ory Hydra, it’s worth noting that there are two types of logout requests - “OP (OpenID Provider) Initiated” and “RP (Relying Party) Initiated”. The first flow must neither contain the id_token_hint, nor a state, nor post_logout_redirect_uri. If id_token_hint is set, you may define both state and post_logout_redirect_uri.
If you’re still encountering issues, it might be helpful to check the following:
• Ensure that you have a cookie named oauth2_authentication_session for the URL Ory OAuth2 & OpenID Connect is running on, and for the domain that’s in your http://.../oauth2/sessions/logout.
• Make sure you’re not using a browser with a very strict privacy policy which makes it difficult or impossible for Ory to properly set cookies. For example, the Brave Browser may cause issues here.
• Check if you set remember: true when accepting the login request.
If the problem persists, it might be worth filing a bug report.
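
A pre-flight check for the logout request discussed in this thread, as an added example that is not part of either post and is not Ory's code. It decodes the id_token_hint payload without verifying the signature (diagnostics only) and applies the parameter rules stated in the reply; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode a compact JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("payload is not a JSON object")
    return claims


def check_logout_request(id_token_hint=None, state=None, post_logout_redirect_uri=None):
    """Return a list of problems with a logout request, per the rules in the reply."""
    problems = []
    if id_token_hint is None:
        # OP-initiated flow: state and post_logout_redirect_uri must be absent too.
        if state is not None:
            problems.append("state set without id_token_hint")
        if post_logout_redirect_uri is not None:
            problems.append("post_logout_redirect_uri set without id_token_hint")
        return problems
    # RP-initiated flow: the hint must be a decodable ID token carrying a sid claim.
    try:
        claims = jwt_claims(id_token_hint)
    except ValueError as exc:  # also covers base64 and JSON decoding errors
        return [f"id_token_hint is not a decodable JWT: {exc}"]
    if not claims.get("sid"):
        problems.append("id_token_hint is missing sid claim")
    return problems


def _constructed_token(claims: dict) -> str:
    """Build a sample token with a fake signature (constructed data, not a real ID token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"


WITH_SID = _constructed_token({"iss": "https://idp.example", "sub": "user-1", "sid": "s-123"})
WITHOUT_SID = _constructed_token({"iss": "https://idp.example", "sub": "user-1"})

if __name__ == "__main__":
    for name, tok in (("with sid", WITH_SID), ("without sid", WITHOUT_SID)):
        print(name, check_logout_request(tok, state="xyz"))
```

Running the same check on the token at the moment it is issued and again just before logout shows whether the sid was never minted or was lost along the way.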