Hi there,
Try to achieve cognito oauth logout using state
parameter as stated on the last example of the call documentation but not getting it injected on the redirect URL.
I see that on the documentation, state
is not listed as it's on the login
route, however, it's shown on the Example#2, leading to a might support thinking on my side.
- Is this really not supported on the logout?
- How we would carry state values on the logout actions? I see that some oauth implementations does support
state
on their logouts.
- I don't see state being specified on the OAuth@v2 RFC, thus is the reason why state is not implemented on logout. https://datatracker.ietf.org/doc/html/rfc7009#section-2.1