User sign out flow (local app)

Identity Engine

This guide covers the use case to sign a user out, and provides a flow diagram and a sequence of integration steps.

---

Learning outcomes

Understand how to implement a sign-out flow for a user.

What you need

• An app that uses the embedded Okta Identity Engine SDK
• Okta org already set up for your use case
• Identity Engine SDK set up for your own app

Sample code

ASP.NET Identity Engine sample app (opens new window)

---

Configuration updates

There are no additional configuration changes needed to implement this use case.

Summary of steps

This use case signs a user out of the local app by revoking their session tokens. The following diagram shows the sequence of steps for the sign-out flow:

Integration steps

Create a sign-out UI element

The first step is to create a link, button, or another similar UI element that allows the user to sign out of the app.

Revoke the access token

When the sign out is initiated, create the following flow:

1. Obtain the access token from the session state. This token was placed into the session state during the user sign-in flow. The code snippet uses objects from Microsoft.Owin.Security to manage the session state of the tokens.
2. Call the RevokeTokensAsync method of IDXClient and pass in the access token that you obtained in step 1.

var client = new IdxClient();
           var accessToken = HttpContext.GetOwinContext().Authentication.User.Claims.FirstOrDefault(x => x.Type == "access_token");
           await client.RevokeTokensAsync(TokenType.AccessToken, accessToken.Value);
           _authenticationManager.SignOut();
           return RedirectToAction("Login", "Account");

Send the user to the signed-out page

After the user is signed out, send them to the desired page.

See also

Validate SSO federation