We occasionally have the need for users to logout so their tokens can get refreshed for things like Azure DevOps - up to now we’ve been using the /api/v1/signout url which has always seemed to do the trick. Hit that URL, go back to the last page and it redirects you back through OIDC login.
Running 3.7.0 if I hit the same url, it doesn’t seem to log me out. I don’t get an error saying the page doesn’t exist, but it doesn’t actually do anything. After hitting the url, if I go back to my previous page it doesn’t redirect me through OIDC and my tokens don’t get refreshed.
Ah, just realised you’re already up to 3.7.6 so I guess there’s been a bit changed in the last week - I’ll give the latest version a crack later on. For the moment we’ve rolled back to 3.6.2 as we seemed to be seeing some performance probs in 3.7.0 as well.
We did change the logout behavior. We used to invoke a cookie log off but now we are initiating a log off for the OIDC provider. It seems like this isn’t doing something properly. We may have to revisit this to ensure we logout properly on both the OIDC end and the PSU end.
Thanks - it’s going to be a bit of a blocker for us getting past 3.7.0 by the looks of it. Once a user’s been logged in for more than an hour all their tokens expire and the only way to refresh seems to be to wait for the session to timeout.
Back on 3.6.2 for the time being - would appreciate if it can be looked at! Is it best to raise a bug?