It seems that in the logout docs you’re expected to hit Auth0’s /logout
endpoint for any logging out scenario in order to indicate to Auth0 that a user has logged out.
However, it seems that most of the code samples don’t seem to do this, but only handle the application’s logout session. e.g.
Jquery Sample:
function logout() {
// Remove tokens and expiry time from localStorage
localStorage.removeItem('access_token');
localStorage.removeItem('id_token');
localStorage.removeItem('expires_at');
displayButtons();
}
React sample:
logout() {
// Clear access token and ID token from local storage
localStorage.removeItem('access_token');
localStorage.removeItem('id_token');
localStorage.removeItem('expires_at');
// navigate to the home route
history.replace('/home');
}
Are they hitting the endpoint elsewhere? Or should these docs be altered or am I misunderstanding something here.