Auth0 Logout also logs me out of Google

Hi, I’ve searched and the only similar thing I can find is saying to ensure you don’t have ‘?federated’ at the end of the logout URI - which I do not.

Whenever I log out of my web application, having logged in with Google, it logs me out of Google also.
I call:
hxxps://www.mydomain.com/auth/logout
This is a node.js / express route which clears my session in the app and then returns a 302 redirect to:
hxxps://mytenant.eu.auth0.com/logout?client_id=secret&returnTo=https%3A%2F%2Fwww.mydomain.com%2F
As you can see, no ‘federated’!
Instead of returning me to my app, Auth0 then sends me a 302 redirect to:
hxxps://accounts.google.com/logout

The log file in my dashboard doesn’t help me much:
{
“date”: “2020-07-12T11:10:48.202Z”,
“type”: “slo”,
“description”: “Redirected to IdP”,
“connection”: “google-oauth2”,
“connection_id”: “redacted”,
“client_id”: “redacted”,
“client_name”: “redacted”,
“ip”: “redacted”,
“user_agent”: “Chrome 83.0.4103 / Mac OS X 10.15.5”,
“details”: {
“return_to”: “hxxps://www.mydomain.com/”,
“allowed_logout_url”: [
“hxxp://localhost:3000/”,
“hxxps://www.mydomain.com/”,
“hxxp://www.mydomain.com/”
],
“session_id”: “redacted”
},
“hostname”: “mytenant.eu.auth0.com”,
“user_id”: “google-oauth2|redacted”,
“user_name”: “redacted@gmail.com”,
“log_id”: “90020200712111048624000636608013511563534887935543345170”,
“_id”: “90020200712111048624000636608013511563534887935543345170”,
“isMobile”: false
}

Any idea what I’m doing wrong? Or have I tripped over something weird?

Thanks,

Mark

PS Obviously ‘hxxps’, ‘mydomain’, ‘mytenant’ and ‘redacted’ aren’t what I really see!

Hi @mahood73, that’s definitely not expected. One potential issue could be that you are using https://mytenant.eu.auth0.com/logout. Can you try https://mytenant.eu.auth0.com/v2/logout instead? (note the /v2 part)

Side note: noticed that you have client_id=secret in the URL. The value of that param should be the client ID and not the secret.

Let us know if what Thameera suggested solved your struggle!

Thameera,

thank you - that did indeed solve the problem! I think I got the URL I was using from the node.js quickstart, but I see in the API docs that it should contain ‘v2’.

And yes, my client_id is not ‘secret’, I am sending the right value, I just hid it for the post.

Thank you again!

Mark

No worries! We’re here for you!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Edit: I noticed that the Node.js Quickstart with Passport is already updated Auth0 Express SDK Quickstarts: Login

Howdy, Mark! I am going to request the Quickstart to be updated. I faced the same issue while update the " Node.js and Express Authentication Using Passport" tutorial.

Thanks, Thameera, for providing this solution!