Log out doesn't work and automatically sign in

Hello guys… I am having an issue with the logout part of the app. I am using Google App with Auth0 Lock. The login section is right, but when I try to log out, I am following the docs (Logout) and it's not working: when I redirect to https://YOUR_AUTH0_DOMAIN/v2/logout I get an OK response, but when I try to log in again I automatically enter the application.
My case is almost the same as this: Log out now unusually auto logging back in

I am using react 16.32 and auth0-lock: 11.6.1

I was dealing with something like this today on a new tenant (our old ones were still functioning) and I had one issue where things were fixed by updating my SDK and another by fixing the actual myapi.auth0.com/v2/logout which apparently was not in the original implementation.

The strangest issue is that I was building out new tenants just a couple weeks ago and didn’t have this issue, but the one added this week did. I think things are behaving slightly more SSO-like now, which is fine for me, but wasn’t exactly part of my implementation.

Hello @creamsteak, curious how you exactly fixed your myapi.auth0.com/v2/logout I am having the same issue now. We did not change any configuration and then the logout function just stopped working. :frowning:

Two things:

(1) On my older tenants under settings → advanced there was a toggle for Enable Seamless SSO. Toggling that on or off would change the behavior that occurred when I found this problem. On newer tenants that option didn’t exist, and the behavior was effectively always in the ON position.

(2) The fix so all the sites worked with the SSO option enabled was that in my /logout endpoint on my own site I had to add a header redirect for the user's browser to my Auth0 API /v2/logout URL. I also passed it a returnTo for my own site and the client ID to log it out of.

The reason things worked fine for me before this change is I was just calling the Auth0 logout function from the provided SDK, which cleared the session in the browser, and so they had to log in again. Since Auth0 made the SSO option default (and not optional on new tenants), instead of having to authenticate each time, if that user's browser is already authenticated it will log them in automatically. You must now redirect the browser (or probably something like end the session via the API on the backend) to the Auth0 logout endpoint itself to completely log them out.

I am using <a href="https://tenant-name.auth0.com/v2/logout" onClick={this.props.auth.logout}> <i className="fa fa-sign-out fa-fw" /> Logout </a> to logout and I want to redirect to http://localhost:3000 or https://subdomain.example.com after logout. I added these two URLs to the Allowed Logout URLs at the Tenant Settings and it always redirects to the first one typed in the settings. Adding those to the Application settings does not work. What can I do?

Is that react? I’m not too familiar, I’m not sure what the onclick does exactly, but that may be right. Have you specified the returnTo in your actual code?

https://tenant-name.auth0.com/v2/logout?returnTo=https://subdomain.example.com&client_id=

Yes, this is in React. onClick calls

    logout() {
      localStorage.removeItem('access_token');
      localStorage.removeItem('id_token');
      localStorage.removeItem('expires_at');
      this.userProfile = null;
      history.replace('/');
    }

I am not sure where to add returnTo in my code.

It literally can go right there after the URL in the href of the a tag as far as normal html goes. It’s effectively a GET request over http, so you can append

?returnTo=https://subdomain.example.com&client_id=whatevermyclientidis

I’m not familiar with react, if that somehow makes that harder than that.

This solves my problem. Thank you very much.

Could you tell me how you fixed the problem? It's been causing me a big headache for a couple of days.

@pawan
When you logout send the request to https://your-tenant-name.auth0.com/v2/logout?returnTo=the-url-you-want-to-go-back-to-after-logout&client_id=client-id-of-the-application-in-your-tenant
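
The fix described in this thread, as an added example that is not part of any post: clear the locally stored tokens, then send the browser to the tenant's /v2/logout with returnTo and client_id so the Auth0 SSO session is ended as well. The function names, the allow-list parameter, and the placeholder tenant and client ID are assumptions.

```javascript
// Added example: names are hypothetical, tenant and client ID are placeholders.
// Storage keys are the ones removed by the logout() posted in the thread.
const TOKEN_KEYS = ['access_token', 'id_token', 'expires_at'];

// Build the /v2/logout URL. returnTo must exactly match an entry the caller
// expects (mirror of the Allowed Logout URLs configured in Auth0), so a
// tampered or mistyped value is rejected before any redirect happens.
function buildLogoutUrl({ domain, clientId, returnTo, allowedReturnTo }) {
  if (!clientId) throw new Error('client_id is required');
  if (!allowedReturnTo.includes(returnTo)) {
    throw new Error(`returnTo is not an allowed logout URL: ${returnTo}`);
  }
  const url = new URL(`https://${domain}/v2/logout`);
  // searchParams percent-encodes the values, so "://" and "&" in returnTo
  // cannot break out of the query string.
  url.searchParams.set('returnTo', returnTo);
  url.searchParams.set('client_id', clientId);
  return url.toString();
}

// Full logout: validate first, then drop local tokens, then leave the SPA.
// Clearing localStorage alone leaves the Auth0 session cookie alive, which is
// why the next login succeeds silently.
function logout(storage, navigate, config) {
  const url = buildLogoutUrl(config);
  TOKEN_KEYS.forEach((key) => storage.removeItem(key));
  navigate(url);
  return url;
}

// Browser usage (not executed here):
//   logout(window.localStorage, (u) => window.location.assign(u), {
//     domain: 'tenant-name.auth0.com',
//     clientId: 'CLIENT_ID_PLACEHOLDER',
//     returnTo: window.location.origin,
//     allowedReturnTo: ['http://localhost:3000', 'https://subdomain.example.com'],
//   });
```

Choosing returnTo from the current origin lets the same build return to http://localhost:3000 in development and https://subdomain.example.com in production, as long as both are listed in Allowed Logout URLs.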