
Unable to do logout in iOS #956

@versag1984

Description

Root Cause Analysis

During logout flow validation, SSO providers (including cloudsso-uat) redirect to the post_logout_redirect_uri without returning the original state parameter.
As AppAuth expects the state value for validation, it reports the error -61439 (State mismatch … but got nil).

More info:

The issue is a state parameter mismatch during the logout flow between the ON!Track iOS app (using AppAuth-iOS 2.0.0) and the CloudSSO logout endpoint.

The Flow

1. AppAuth-iOS creates an OIDEndSessionRequest with a randomly generated state value and opens the browser to the \
2. CloudSSO LogoutService receives this request, validates the client, and constructs a redirect to Auth0:
   https:///v2/logout?returnTo=&post_logo…
   The state is embedded as a query parameter inside the returnTo URL (via getLogoutQueryString()).
3. Auth0's /v2/logout terminates the session and redirects the browser to the decoded returnTo URL:
4. AppAuth-iOS intercepts this redirect at https://baseurl/oauth/oauth_callback and parses the URL query parameters looking for state.

The Problem
Looking at the AppAuth-iOS source code (OIDAuthorizationService.m, the OIDEndSessionSession class), the state validation logic is:
if (!OIDIsEqualIncludingNil(_request.state, response.state)) {
    // error: "State mismatch, expecting %@ but got %@ in authorization response %@"
}
The OIDEndSessionResponse is initialized from the query parameters of the redirect URL. The issue is one of these scenarios:
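The exchange described in the report, as an added example that is not part of the issue, of AppAuth-iOS, or of the CloudSSO code: a relying party builds an end-session request with a random state, a simulated OpenID Provider redirects back to post_logout_redirect_uri either echoing the state (what RP-Initiated Logout requires) or dropping it (what the report describes), and the relying party applies the same nil-aware comparison the issue quotes. Endpoint URLs, the id_token_hint value and the error text layout are constructed for the example.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values for the example; not the app's real endpoints.
END_SESSION_ENDPOINT = "https://op.example.invalid/oidc/logout"
POST_LOGOUT_REDIRECT_URI = "https://app.example.invalid/oauth/oauth_callback"


def build_end_session_request(end_session_endpoint, id_token_hint,
                              post_logout_redirect_uri, state=None):
    """Relying-party side: create the end-session request URL.

    A fresh random state is generated unless one is supplied (tests pass a
    fixed one). The caller must remember the state to validate the redirect.
    """
    state = state or secrets.token_urlsafe(16)
    params = {
        "id_token_hint": id_token_hint,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,
    }
    return end_session_endpoint + "?" + urlencode(params), state


def op_logout_redirect(request_url, echo_state=True):
    """Simulated OP: end the session and redirect to post_logout_redirect_uri.

    A compliant OP copies the request's state onto the redirect. With
    echo_state=False this models the provider behaviour in the report,
    where the state never comes back.
    """
    query = parse_qs(urlparse(request_url).query)
    target = query["post_logout_redirect_uri"][0]
    if echo_state and "state" in query:
        target += "?" + urlencode({"state": query["state"][0]})
    return target


def equal_including_nil(a, b):
    """Mirror of the nil-aware equality used in the quoted check:
    two missing values are equal, one missing value is a mismatch."""
    if a is None and b is None:
        return True
    if a is None or b is None:
        return False
    return a == b


def validate_post_logout_redirect(expected_state, redirect_url):
    """Relying-party side: accept the redirect only if state round-trips.

    Returns (ok, error_message). A missing state on the redirect is a
    mismatch, which is exactly the failure mode the issue reports.
    """
    query = parse_qs(urlparse(redirect_url).query)
    received_state = query.get("state", [None])[0]
    if not equal_including_nil(expected_state, received_state):
        return False, (f"State mismatch, expecting {expected_state} "
                       f"but got {received_state} in end-session response")
    return True, None


def demo():
    """Run both provider behaviours and return the validation outcomes."""
    url, state = build_end_session_request(
        END_SESSION_ENDPOINT, "constructed-id-token", POST_LOGOUT_REDIRECT_URI)
    compliant = validate_post_logout_redirect(state, op_logout_redirect(url, True))
    broken = validate_post_logout_redirect(state, op_logout_redirect(url, False))
    return compliant, broken


if __name__ == "__main__":
    for label, (ok, err) in zip(("state echoed", "state dropped"), demo()):
        print(f"{label}: {'ok' if ok else err}")
```

The comparison is what stops an unsolicited or replayed hit on the callback URL from being accepted as a completed logout, so the fix belongs on the provider side (echo the state) rather than in loosening the client check.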

Labels: bug, triage