OAuth2 strategy for Okta
When implementing logout flow for Okta, you need to pass the id_token as a parameter for the logout route. This token is provided in the access token response, as long as you have requested the openid
scope for the user. See Okta docs. Prior to 2.0, the id_token
set in the extra hash was mistakenly set to the access token.
While this was unintended functionality, we are bumping major version to ensure that anyone who may have relied on that incorrect behavior does not experience a breaking change.
Thanks to @amichal and @ryanswood via #17 and #24.
Includes all changes from 0.1.3 as well as the following PR:
Contains the changes from the following PRs:
https://github.com/omniauth/omniauth-okta/pull/9 https://github.com/omniauth/omniauth-okta/pull/12
Initial release of Omniauth Okta OpenID Connect Strategy