# ory-copilot
s
@chilly-king-10285, what are the options under ory.updateLogoutFlow?
c
A message from kapa.ai
The `ory.updateLogoutFlow` method is not directly mentioned in the provided knowledge sources. However, there is information about the `updateLogoutFlow` method in the Ory API. This method is used to log out an identity in a self-service manner. It does not require authentication and works with browsers. For API clients, you can call the `/self-service/logout/api` URL directly with the Ory Session Token. The parameters for the `updateLogoutFlow` method are:
- `token`: A valid Logout Token. If you do not have a logout token because you only have a session cookie, call `/self-service/logout/browser` to generate a URL for this endpoint.
- `return_to`: The URL to return to after the logout was completed.
- `Cookie`: HTTP Cookies. When using the SDK in a browser app, on the server side you must include the HTTP Cookie Header sent by the client to your server here. This ensures that CSRF and session cookies are respected.

For more information, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api).
s
Thanks!
@chilly-king-10285, why is my code returning `self_service_flow_return_to_forbidden`
```javascript
ory
  .createBrowserLogoutFlow()
  .then(({ data }) => {
    ory
      .updateLogoutFlow({
        token: data.logout_token,
        returnTo: config.sso?.logoutUrl,
      })
      .then(() => router.push('/'))
      .then(() => router.reload());
  })
```
c
A message from kapa.ai
The error `self_service_flow_return_to_forbidden` typically occurs when the `return_to` URL provided in the `updateLogoutFlow` method is not allowed by the configuration. In your code, you're setting `returnTo: config.sso?.logoutUrl`. If the `logoutUrl` in your `config.sso` is not allowed in your Ory configuration, it will throw this error. To resolve this issue, you need to ensure that the `return_to` URL is allowed in your Ory configuration. If you're not sure about the allowed URLs, you should check your Ory configuration. For more information, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api).
s
@chilly-king-10285, why is it not redirecting? Hence, 204 status is being returned.
c
A message from kapa.ai
The HTTP status code `204` stands for 'No Content'. This status code is often used to indicate that the server has successfully fulfilled the request and there is no additional content to send in the response payload body. In the context of Ory, a `204` status code is typically returned when resources are deleted or when an operation has been successfully completed but there's no additional information to return. For example, in the `deleteRelationships` or `patchRelationships` methods of the Ory Keto API, a `204` status code indicates that the operation was successful. If you're expecting a redirect but receiving a `204` status code, it could be because the operation was successful and there's no further action required. If a redirect is necessary, you might need to handle it on the client-side after receiving the `204` status code. For more information, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api) and the [Ory Keto API Reference](https://www.ory.sh/docs/keto/reference/rest-api).
s
@chilly-king-10285 Why is it not redirecting even though I provided returnTo in updateLogoutFlow?
c
A message from kapa.ai
The `updateLogoutFlow` method in Ory behaves differently based on the `Accept` HTTP header. If the `Accept` HTTP header is set to `application/json`, a `204 No Content` response will be sent on successful logout instead of a redirect. In your case, if you're seeing a `204` status code and no redirect, it's likely because the `Accept` HTTP header is set to `application/json`. If you want the browser to be redirected after logout, you should not set the `Accept` HTTP header to `application/json`. Here's the relevant excerpt from the [Ory API Reference](https://www.ory.sh/docs/reference/api):
```
If the `Accept` HTTP header is not set to `application/json`, the browser will be redirected (HTTP 303 See Other) to the `return_to` parameter of the initial request or fall back to `urls.default_return_to`. If the `Accept` HTTP header is set to `application/json`, a 204 No Content response will be sent on successful logout instead.
```
Please check your code to ensure that the `Accept` HTTP header is not set to `application/json` if you want a redirect to occur.
s
@chilly-king-10285, what is the context behind or technical detail behind why it should not be "application/json"?
c
A message from kapa.ai
The `Accept` HTTP header is used by clients to tell the server what content types they'll accept. The server will then send back a response, which will include a content-type header telling the client what the content type of the returned content actually is. In the context of Ory's `updateLogoutFlow` method, if the `Accept` header is set to `application/json`, the server assumes that the client can handle the response programmatically, hence it returns a `204 No Content` response. This is typically used by API clients which handle responses programmatically. On the other hand, if the `Accept` header is not set to `application/json`, the server assumes that the client is a web browser. In this case, it will return a `303 See Other` status code along with a `Location` header indicating the URL to redirect to. This is because web browsers, upon receiving a `303` status code, will automatically follow the redirect. So, if you want the server to redirect the client to a new URL after logout, you should not set the `Accept` header to `application/json`. Instead, you should let the server return a `303` status code and handle the redirect automatically. For more information, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api).
s
@chilly-king-10285, what Accept value should I use instead of the default application/json?
c
A message from kapa.ai
If you want the server to redirect the client to a new URL after logout, you should not set the `Accept` header to `application/json`. Instead, you can use `text/html` or `*/*` as the `Accept` header value. This is because when the `Accept` header is set to `application/json`, the server assumes that the client can handle the response programmatically and hence it returns a `204 No Content` response. On the other hand, if the `Accept` header is not set to `application/json`, the server assumes that the client is a web browser and it will return a `303 See Other` status code along with a `Location` header indicating the URL to redirect to. For more information, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api).
s
Thank you @chilly-king-10285! Additional question, I've updated my code below, to have an Accept value of 'text/html', I am encountering CORS error, I am currently at localhost:8888
```javascript
ory.updateLogoutFlow(
  {
    token: data.logout_token,
    returnTo: 'https://test.com',
  },
  {
    headers: {
      Accept: 'text/html',
    },
  },
);
```
c
A message from kapa.ai
Cross-Origin Resource Sharing (CORS) errors occur when a web application tries to access resources from a different domain, protocol, or port than its own. In your case, your application at `localhost:8888` is trying to access resources from Ory, which is likely causing the CORS error. To solve CORS errors, you can use Ory Tunnel for local development. In production, you should add your domain to the Ory Project so that all requests from your frontend can be made to Ory under the same domain. Ory has a "deny by default" policy which means that the `Access-Control-Allow-Origin` header is just set on domains owned by Ory. Also, make sure that the domain stays the same. This is also true for `127.0.0.1` and `localhost` which are both separate domains. Make sure that you use `127.0.0.1` or `localhost` consistently across your configuration. For more information, you can refer to the following documentation:
- [Cross-origin resource sharing errors](https://www.ory.sh/docs/kratos/bring-your-own-ui/custom-ui-basic-integration#cross-origin-resource-sharing-errors)
- [Mixing up 127.0.0.1 and localhost](https://www.ory.sh/docs/kratos/debug/csrf#mixing-up-127001-and-localhost)
- [CORS on custom domains](https://www.ory.sh/docs/guides/cors#cors-on-custom-domains)
s
Hmm I've already received `303`, but I am still being redirected, get request was performed to the `returnTo` URL, it returned `302`.
@chilly-king-10285 Hmm I've already received `303`, but I am still being redirected, get request was performed to the `returnTo` URL, it returned `302`.
c
A message from kapa.ai
The HTTP status code `303` is used to redirect a client to a different URL for the retrieval of the response. The `returnTo` URL you provided in the `updateLogoutFlow` method is where the client is redirected to after a successful logout. However, if the `returnTo` URL is returning a `302` status code, it means that URL is also performing a redirection. The `302` status code is a common way of performing URL redirection. An HTTP response with this status code will additionally provide a URL in the `location` header field. This is not an issue with Ory but with the `returnTo` URL you provided. You might want to check the server configuration of the `returnTo` URL to understand why it's issuing a `302` redirect. For more information, please refer to the [Ory API Reference](https://www.ory.sh/docs/reference/api).