Logout with "returnTo" parameter for social logged in user doesn't work

david.toth · November 4, 2019, 11:18am

I’m using the Single Page Application SDK. I can successfully log in to the application with the Auth0 Universal login, but when trying to log out from our SPA it doesn’t seem to redirect to the URL set by the redirectTo parameter.

I set the client_id parameter correctly
Just to be sure, I even tried with clientId and clientID parameters, but still redirects wrongly
I set the Allowed Logout URLs correctly: http://localhost:3000/auth/logout
For making sure it’s not the client_id problem, I set the Allowed Logout URLs in the Tenant settings as well, but no success
I get back a Success Logout log in the dashboard, which tells me the following:

{
  "date": "2019-11-04T10:51:40.494Z",
  "type": "slo",
  "description": "Redirected to IdP",
  "connection": "facebook",
  "connection_id": "xxx",
  "client_id": "xxx",
  "client_name": "xxx",
  "ip": "xxx",
  "user_agent": "Chrome 78.0.3904 / Mac OS X 10.15.0",
  "details": {
    "return_to": "http://localhost:3000/auth/logout",
    "allowed_logout_url": [
      "http://localhost:3000/auth/logout",
      "http://localhost:3000/auth/signin"
    ],
    "session_id": "xxx",
    "device_id": "xxx"
  },
  "hostname": "xxx.eu.auth0.com",
  "user_id": "xxx",
  "user_name": "xxx@gmail.com",
  "auth0_client": {
    "name": "auth0-spa-js",
    "version": "1.3.2"
  },
  "log_id": "xxx",
  "_id": "xxx",
  "isMobile": false
}

So it seems to be set correctly, however I always get redirected to the Facebook home page in case I’m logged in with Facebook. Same goes to the Google login.

Could you please point me to the right direction?

Guangjie · November 13, 2019, 1:13am

Hi David,

If you would like to set the federated parameter to logout users from external IdP – in your case it’s Google and Facebook – you need to set Client ID and Secret for these providers in the Dashboard for the logout to function properly. You can read this document for further details.

After you have set the the Client ID and Secret, to make the redirectTo work after logout for Facebook, there is additional requirement: Log Users Out of Identity Providers

And Google, unfortunately doesn’t support to redirect after logout: openid - google account logout and redirect - Stack Overflow

konrad.sopala · November 13, 2019, 9:21am

Thanks for sharing your knowledge here @Guangjie!

system · November 28, 2019, 9:21am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Auth0-spa-js, passing returnTo to logout not working Help react	3	2575	January 3, 2023
Log out returnTo parameter shows Oops!, something went wrong page Help bugs	2	7183	August 28, 2019
Auth0 Allowed Logout URLs only working with 1st URL in the list Help auth0-spa-js , sdks-quickstarts	2	1220	September 5, 2023
Failed to log out due to return to URL not defined, although it is clearly set and matched Help	4	2568	December 18, 2020
webAuth.logout({clientId: ..., redirectTo: ...}) goes to login page instead of redirectTo URL Help logout , redirect-to	3	4771	September 3, 2019

Logout with "returnTo" parameter for social logged in user doesn't work

Related Topics