As using the same tenant having 2 different apps running I have trouble logging out the one app doesn’t result in the other app to log out. In order to logout I have to check the session time and again. What will be the best practice in order to check if the access token generated is valid or not.
If the applications are authenticating through OpenID Connect then at this time we do not support means for application A to immediately be notified of a logout operation started at application B.
At this time what is available, but with constraints, is the possibility for one application to query for the existence of an active session. This would allow for application A to be aware of the logout started in B after some time; I would recommend to check the reference documentation, but I believe checking the existence of a session hourly would be possible and acceptable within the service established rate limits.
Just two additional notes:
- for application leveraging SAML protocol with Auth0 then SAML single logout is supported (see https://auth0.com/docs/protocols/saml/saml-configuration/logout#saml-single-logout-slo-scenario).
- I can informally let you know that there’s been some internal discussions about the possibility to support similar capabilities for OIDC applications, but at this time I don’t have any definitive information about if/when this would be supported.