Application does not logout from Auth0 when calling logout

tommedema · November 29, 2019, 11:35pm

I’ve implemented auth0-spa-js as per the quick start:

tommedema/startup-boilerplate/blob/master/packages/react-app/src/lib/auth0.tsx

import React, { useState, useEffect, useContext } from 'react'
import createAuth0Client from '@auth0/auth0-spa-js'
import Auth0Client from '@auth0/auth0-spa-js/dist/typings/Auth0Client'

export interface Auth0RedirectState {
  targetUrl?: string
}

export interface Auth0User extends Omit<IdToken, '__raw'> {}

interface Auth0Context {
  user?: Auth0User
  isAuthenticated: boolean
  isInitializing: boolean
  isPopupOpen: boolean
  loginWithPopup(o?: PopupLoginOptions): Promise<void>
  handleRedirectCallback(): Promise<RedirectLoginResult>
  getIdTokenClaims(o?: getIdTokenClaimsOptions): Promise<IdToken>
  loginWithRedirect(o?: RedirectLoginOptions): Promise<void>
  getTokenSilently(o?: GetTokenSilentlyOptions): Promise<string | undefined>

This file has been truncated. show original

And here’s my call to auth0Client.logout():

github.com

tommedema/startup-boilerplate/blob/master/packages/react-app/src/components/EmojiView.tsx

import React, { Fragment, EventHandler, SyntheticEvent } from 'react'
import { useAuth0 } from '../lib/auth0'
import useAPIResult from '../lib/useAPIResult'

const EmojiView: React.FC = () => {
  const {
    isAuthenticated,
    logout,
    user
  } = useAuth0()

  if (!isAuthenticated) {
    return <div>Permission Denied</div>
  }

  const email = user && user.email

  if (!email) {
    return <div>Failed to fetch user email from identity service</div>
  }

This file has been truncated. show original

The problem is that when I logout, it does not actually log me out of auth0, even when I pass federated: true. If I click login, it’ll automatically login without needing to re-enter my credentials, as it’s still logged into auth0 (but not the application).

Here’s a video illustrating the problem:

https://www.loom.com/share/77f2f72cde05468080afc05021cfb5eb

Post-logout, it should not still be logged in at auth0.

jmangelo · December 11, 2019, 2:08pm

As a first step, if you haven’t done so already, it would be helpful to confirm what happens at the network level once the logout action is triggered. In order to logout from Auth0 you would need to seen an outgoing request to the logout endpoint so can you confirm in the browser network tools if such request is issued?

tommedema · December 11, 2019, 5:13pm

This has been resolved by doing an e.preventDefault in the logout click handler

dan.woda · December 25, 2019, 9:13pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Build currect Redirect in auth0-spa-js React app and custom pages Help auth0 , custom-login , login , js , react , redirect , popup , auth0-spa-js	0	2739	April 29, 2022
loginWithRedirect not working with @auth0/auth0-spa-js Help	4	4892	October 28, 2021
Authenticating Your First React App Blog Discussions javascript , react , reactjs , auth0-spa-js	42	12305	March 7, 2022
How to logout out of a React web app without using the React SDK? Help classic-universal-login-experience , login-experience	1	3026	November 18, 2024
How to log out of Auth0 on tab/window close Help logout , auth0 , auth0js	10	9837	March 25, 2020

Application does not logout from Auth0 when calling logout

Related topics