OpenID Connect Front-Backchannel Logout


As per the documentation a call to GET /oauth2/sessions/logout with the id_token_hint parameter should initiate the logout flow. But, when I make that call, I only get a 302 response like this:

< HTTP/1.1 302 Found
< Content-Type: text/html; charset=utf-8
< Location:
< Date: Thu, 07 May 2020 06:53:16 GMT
< Content-Length: 63
<a href="">Found</a>.

As you can see, I don’t get a logout_challenge. When I look into the id-token that was retrieved as part of the login flow, and presented to the logout endpoint, it’s not expired, and it contains a valid sid attribute which I can also locate in the database tables (hydra_oauth2_access and hydra_oauth2_authentication_session). The oauth2 client app has default settings for backchannel and frontchannel logout, and I’m on the v1.3.2 release of Hydra.

So, what am I doing wrong here?

Thanks. It was the remember me option that wasn’t ticked.