Achieving Local-Only Logout with SSO Across Two Apps (React & NextJS)

ktvrdi · February 5, 2025, 4:56pm

Hello Auth0 Community,

I have two separate applications:

App A (React)
App B (Next.js v14.2.17 using @auth0/nextjs-auth0 v3.6.0)

I want to achieve SSO such that if a user logs in through App A, they can seamlessly access App B (and vice versa) without re-entering credentials. However, once logged in, these two apps should maintain independent logout behavior:

• If the user logs out of App A, they should remain logged in on App B until their session naturally expires or they explicitly log out of App B.

• Likewise, logging out of App B should not affect the session on App A.

Essentially, shared login but local-only logout in each app.

Has anyone successfully configured this scenario with a similar setup?

Any guidance or examples on how to configure @auth0/nextjs-auth0 and an Auth0 tenant to get local-only logouts while preserving SSO would be greatly appreciated!

Thanks!

remus.ivan · February 5, 2025, 6:42pm

Hi @ktvrdi,

Welcome to the Auth0 Community and thank you for posting your inquiry.

Even though you have a SSO implementation the logout sessions within your applications are already independent from each other, meaning that if a user logs out of the Application1 that user will remain logged in on the Application2 and vice-versa. This is the natural behavior for the SSO protocol unless you have manually integrated either federated logout or implemented Single Logout.

I hope this helped.
Best regards,
Remus

ktvrdi · February 6, 2025, 9:31am

Am I doing something wrong here? Since when I log out user from NextJS App B, I need to login again on React App A, which I don’t want to be that case.

We are simply on client side in NextJS we click on <a href="/api/auth/logout">Log Out</a>

Sharing code:

api/auth/callback/routeModule.ts:
export function GET(req: NextRequest, res: AppRouteHandlerFnContext) {
  return handleCallback(req, res);
}

api/auth/login/route.ts:
export function GET(req: NextRequest, res: AppRouteHandlerFnContext) {
  return handleLogin(req, res, {
    returnTo: '/',
  });
}

api/auth/logout/route.ts:
export function GET(req: NextRequest, res: AppRouteHandlerFnContext) {
  return handleLogout(req, res, {
    returnTo: '/',
  });
}

Thank you.

remus.ivan · February 13, 2025, 9:44pm

Hi @ktvrdi and sorry for replying late.

After further checking on this matter, when hitting the logout endpoint using the Next.js SDK, this will log the users out globally, meaning that all sessions will get invalidated, including the auth0 session cookie, as detailed in our documentation.

One way to go in this use case would be to make sure that the application logs the user out only locally, maintaining the Auth0 session intact for the SSO interaction. You can try passing the localOnly: true to the “HandleLogout” function. You can also try not calling the “HandleLogout” at all, but instead create a logout function that deletes the app session when logging out.

I might also recommend checking into implementing Silent Authentication in case one app already has an active session, and configure the SSO Session Timeout to a lower frame to minimize security risks.

Please let me know if that does the trick.
Thanks,
Remus

Topic		Replies	Views
The user remains logged in even when logging out Get Help nextjs-auth0 , sdks-quickstarts	1	1080	April 5, 2023
Auth0/nextjs Help with SilentAuth for SSO Integration Help nextjs	0	1937	November 6, 2022
SSO between different React Apps Get Help	5	4775	November 8, 2018
Single logout across multiple applications using cookies (nextjs) Get Help logout , sessions	0	390	April 2, 2024
I Need a seamless login between two applications (nextjs and spring mvc) using same auth0 client Get Help login-experience , login-prompt-new-experience	8	1034	January 26, 2024

Achieving Local-Only Logout with SSO Across Two Apps (React & NextJS)

Related topics