When clicking the 'logout' button within the UI, the following code is executed:
When the JWT Token is set to 'httpOnly', it cannot be modified and therefore cannot be deleted - this stops the user being able to log out of the UI.
- Fresh OpenIDM 4/4.5.0, instance
- Modify the JWT Session Module within 'authentication.json' to include ' "isHttpOnly" : true'
- Start OpenIDM and log in to Self Service or Admin Console as openidm-admin
- Try to log-out