We are using the kong-oidc plugin with our Kong setup. Okta is acting as the OP/IdP for OIDC. The configuration works fine for login activity: redirection to Okta takes place, authentication happens, and a session is established at Kong.

However, regarding logout, we are seeing that even after logout from Okta, Kong still maintains the session. It redirects to Okta for authentication again only after one hour, which is the current access token lifetime set by Okta. I have posted this as an issue here as well.

According to Okta, the access tokens are revoked as soon as we logout from Okta.

Does this mean that the tokens are not validated against Okta by this plugin, and that it keeps the session until the token expiry time and redirects to Okta only after the token expires?

Note: We are aware of managing the logout from the Kong side by calling the logout endpoint, but we need to confirm the behaviour of this plugin when the session is logged out from the Okta side.

Looking forward to the information on this!

Regards

Jahanzaib

0 Answers