Hi, I’ve searched and the only similar thing I can find is saying to ensure you don’t have ‘?federated’ at the end of the logout URI - which I do not.
Whenever I log out of my web application, having logged in with Google, it logs me out of Google also.
I call:
hxxps://www.mydomain.com/auth/logout
This is a node.js / express route which clears my session in the app and then returns a 302 redirect to:
hxxps://mytenant.eu.auth0.com/logout?client_id=secret&returnTo=https%3A%2F%2Fwww.mydomain.com%2F
As you can see, no ‘federated’!
Instead of returning me to my app, Auth0 then sends me a 302 redirect to:
hxxps://accounts.google.com/logout
The log file in my dashboard doesn’t help me much:
{
“date”: “2020-07-12T11:10:48.202Z”,
“type”: “slo”,
“description”: “Redirected to IdP”,
“connection”: “google-oauth2”,
“connection_id”: “redacted”,
“client_id”: “redacted”,
“client_name”: “redacted”,
“ip”: “redacted”,
“user_agent”: “Chrome 83.0.4103 / Mac OS X 10.15.5”,
“details”: {
“return_to”: “hxxps://www.mydomain.com/”,
“allowed_logout_url”: [
“hxxp://localhost:3000/”,
“hxxps://www.mydomain.com/”,
“hxxp://www.mydomain.com/”
],
“session_id”: “redacted”
},
“hostname”: “mytenant.eu.auth0.com”,
“user_id”: “google-oauth2|redacted”,
“user_name”: “redacted@gmail.com”,
“log_id”: “90020200712111048624000636608013511563534887935543345170”,
“_id”: “90020200712111048624000636608013511563534887935543345170”,
“isMobile”: false
}
Any idea what I’m doing wrong? Or have I tripped over something weird?
Thanks,
Mark
PS Obviously ‘hxxps’, ‘mydomain’, ‘mytenant’ and ‘redacted’ aren’t what I really see!