https://www.ory.sh/ logo
Join Slack
Powered by
I'm getting ```Logout failed because query paramet...
# ory-network
c
I'm getting
Copy code
Logout failed because query parameter post_logout_redirect_uri is not a whitelisted as a post_logout_redirect_uri for the client."
however it is whitelisted ?? I'm passing http://localhost:8080/ as post_logout_redirect_uri. (which should be fine, this oauth2 client is used for local development.
Copy code
logout_url <https://adoring-mirzakhani-4rdx4fqc5a.projects.oryapis.com/oauth2/sessions/logout?id_token_hint=eyJ..snipped..&post_logout_redirect_uri=http%3A%2F%2Flocalhost%3A8080%2F>
The oauth2 clients has that explicityly in 
post_logout_redirect_uris
Copy code
$  ory get oauth2-client 01a08ad6-0a5d-4e24-9e37-48e8fe7de1b6 --format json | jq
{
  "client_id": "01a08ad6-0a5d-4e24-9e37-48e8fe7de1b6",
  "client_name": "local development (runserver)",
  "client_secret_expires_at": 0,
  "client_uri": "",
  "created_at": "2025-02-27T10:51:57Z",
  "grant_types": [
    "authorization_code"
  ],
  "jwks": {},
  "logo_uri": "",
  "metadata": {},
  "owner": "",
  "policy_uri": "",
  "post_logout_redirect_uris": [
    "<http://localhost:8080>",                     <----  Just to be sure, we add with and without '/'
    "<http://localhost:8080/>"                     <---- See its here
  ],
  "redirect_uris": [
    "<http://localhost:8000/account/authorize/>",  <----  used for login, all good.
    "<http://localhost:8080/>",
    "<http://localhost:8080>"
  ],
  "response_types": [
    "code",
    "id_token"
  ],
Whats are we missing? (testing with non 'localhost' but 'real' urls, does not help) (testing with passwing a random state= to the logout url does not help)
h
is it the correct client in the id token hint?
c
yes I think so, see (jwt decoded) token id: same client id found in "aud"
Copy code
{
  "amr": [
    "password"
  ],
  "at_hash": "fkapWA1T_pVHHghFBbV8Ew",
  "aud": [
    "01a08ad6-0a5d-4e24-9e37-48e8fe7de1b6"
  ],
  "auth_time": 1741779861,
  "email": "*****edited***",
  "email_verified": true,
  "exp": 1741783551,
  "family_name": "**edited**",
  "given_name": "**edited**",
  "iat": 1741779951,
  "iss": "<https://adoring-mirzakhani-4rdx4fqc5a.projects.oryapis.com>",
  "jti": "47796962-e5f5-4a45-89f7-b91098a9b217",
  "nonce": "pfMzLBPK98TNfrECBnf4",
  "preferred_username": "hve",
  "rat": 1741779949,
  "sid": "9ea05b58-23b7-42cc-8a45-340419eaf80b",
  "sub": "125ba2f2-86ee-42d9-9a83-a29450f96e92",
  "updated_at": 1741251937
}
Copy code
<edit> removed raw token_id
h
Hm, can you provide a trace ID? From what i can see it should work. The trace id is cf-ray-id response header
or create an issue in ory/network
c
I reported this (later) to support@ory.sh Let me find a trace ID. once sec
NB: we see the same problem with 2 different ory projects.
Cf-Ray: 91f46addfd5dad10-AMS
argh... we found the problem.
its our fault. it was not the final url that I pasted, just before redirecting and additional query param was added to the url. And that (rightfully) triggered ory to fail. So, sorry for the fuss.
!@#$!@#$!@#$!#$!$!$ (again) sorry
m
no worries, happens 😄
2 Views
Open in Slack
PreviousNext
Powered by