Application does not logout from Auth0 when calling logout

tommedema · November 29, 2019, 11:35pm

I’ve implemented auth0-spa-js as per the quick start:

tommedema/startup-boilerplate/blob/master/packages/react-app/src/lib/auth0.tsx

import React, { useState, useEffect, useContext } from 'react'
import createAuth0Client from '@auth0/auth0-spa-js'
import Auth0Client from '@auth0/auth0-spa-js/dist/typings/Auth0Client'

export interface Auth0RedirectState {
  targetUrl?: string
}

export interface Auth0User extends Omit<IdToken, '__raw'> {}

interface Auth0Context {
  user?: Auth0User
  isAuthenticated: boolean
  isInitializing: boolean
  isPopupOpen: boolean
  loginWithPopup(o?: PopupLoginOptions): Promise<void>
  handleRedirectCallback(): Promise<RedirectLoginResult>
  getIdTokenClaims(o?: getIdTokenClaimsOptions): Promise<IdToken>
  loginWithRedirect(o?: RedirectLoginOptions): Promise<void>
  getTokenSilently(o?: GetTokenSilentlyOptions): Promise<string | undefined>

This file has been truncated. show original

And here’s my call to auth0Client.logout():

github.com

tommedema/startup-boilerplate/blob/master/packages/react-app/src/components/EmojiView.tsx

import React, { Fragment, EventHandler, SyntheticEvent } from 'react'
import { useAuth0 } from '../lib/auth0'
import useAPIResult from '../lib/useAPIResult'

const EmojiView: React.FC = () => {
  const {
    isAuthenticated,
    logout,
    user
  } = useAuth0()

  if (!isAuthenticated) {
    return <div>Permission Denied</div>
  }

  const email = user && user.email

  if (!email) {
    return <div>Failed to fetch user email from identity service</div>
  }

This file has been truncated. show original

The problem is that when I logout, it does not actually log me out of auth0, even when I pass federated: true. If I click login, it’ll automatically login without needing to re-enter my credentials, as it’s still logged into auth0 (but not the application).

Here’s a video illustrating the problem:

https://www.loom.com/share/77f2f72cde05468080afc05021cfb5eb

Post-logout, it should not still be logged in at auth0.

jmangelo · December 11, 2019, 2:08pm

As a first step, if you haven’t done so already, it would be helpful to confirm what happens at the network level once the logout action is triggered. In order to logout from Auth0 you would need to seen an outgoing request to the logout endpoint so can you confirm in the browser network tools if such request is issued?

tommedema · December 11, 2019, 5:13pm

This has been resolved by doing an e.preventDefault in the logout click handler

dan.woda · December 25, 2019, 9:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.