I have developed one chrome extension and using Auth0 Chrome extension SDK to integrate it and it works all well. When it comes to logout, I am redirecting user to URL as mentioned in https://auth0.com/docs/logout#log-out-a-user
But user is not asked for email and password for social login when user clicks on login again.
Any idea how this can be fixed?
Update
Here is the code used for the logout call:
var logoutUser = function (cb) {
console.log('Make API Call logoutUser: ', requestData);
var xhr = $.ajax('https://******/v2/logout?federated', {
async: true,
crossDomain: true,
method: 'GET',
error: function (xhr, status, err) {
console.log('AJAX Error', xhr.status, xhr.responseText);
if (xhr.status === 429) {
return cb({
status: 429,
message: xhr.responseJSON.message
})
} else {
return cb({
status: 400,
message: 'Ajax Error'
});
}
},
success: function (res) {
return cb(null, res);
}
})
}
You should update your question with additional information, in particular, the chrome extension source code associated with how you implemented logout. There’s a lot of things that can impact the ability to logout, for example, a social provider may even not allow to perform this sort of programmatic logout or you may be calling logout in a place that is different of the one where the session was established so it ends up not having the desired effect.
@jmangelo I am using Auth0Chrome SDK. Here is the link of example code - https://auth0.com/docs/quickstart/native/chrome/01-login
In logout I am clearing localStorage where I am keeping the tokens and calling
https:///v2/logout?federated in background.js when user click on logout button
Let me know if you need more details
@jmangelo I am using Auth0Chrome SDK. Here is the link of example code - https://auth0.com/docs/quickstart/native/chrome/01-login
In logout I am clearing localStorage where I am keeping the tokens and calling
https:///v2/logout?federated in background.js when user click on logout button
Let me know if you need more details
@accounts6 yeah, I checked the quickstart and the logout showed there is only local so can you include as a question update how do you exactly call the logout endpoint in background.js? I confess that I’m not that knowledgeable in Chrome extensions so the more specific you can be the better for me.
@jmangelo It is simple HTTP call to the above endpoint; I updated the quesion.
@jmangelo It is simple HTTP call to the above endpoint; I updated the quesion.
Based on my (limited) knowledge around chrome extension, the way you are performing the call means that the logout is executed in a scope that is not associated with the initial login so it won’t perform any actual logout as there’s no existing session to logout from when you call it like a regular AJAX call.
The logout needs to be performed in the same scope that the login; from a quick look at how login works and also based on this SO question/answer you may need to use chrome.identity.launchWebAuthFlow to perform the logout. The same method is used for login so this would ensure that the logout clear the authenticated session where that session was indeed created.