Auth0 Logout also logs me out of Google

mahood73 · July 12, 2020, 11:35am

Hi, I’ve searched and the only similar thing I can find is saying to ensure you don’t have ‘?federated’ at the end of the logout URI - which I do not.

Whenever I log out of my web application, having logged in with Google, it logs me out of Google also.
I call:
hxxps://www.mydomain.com/auth/logout
This is a node.js / express route which clears my session in the app and then returns a 302 redirect to:
hxxps://mytenant.eu.auth0.com/logout?client_id=secret&returnTo=https%3A%2F%2Fwww.mydomain.com%2F
As you can see, no ‘federated’!
Instead of returning me to my app, Auth0 then sends me a 302 redirect to:
hxxps://accounts.google.com/logout

The log file in my dashboard doesn’t help me much:
{
“date”: “2020-07-12T11:10:48.202Z”,
“type”: “slo”,
“description”: “Redirected to IdP”,
“connection”: “google-oauth2”,
“connection_id”: “redacted”,
“client_id”: “redacted”,
“client_name”: “redacted”,
“ip”: “redacted”,
“user_agent”: “Chrome 83.0.4103 / Mac OS X 10.15.5”,
“details”: {
“return_to”: “hxxps://www.mydomain.com/”,
“allowed_logout_url”: [
“hxxp://localhost:3000/”,
“hxxps://www.mydomain.com/”,
“hxxp://www.mydomain.com/”
],
“session_id”: “redacted”
},
“hostname”: “mytenant.eu.auth0.com”,
“user_id”: “google-oauth2|redacted”,
“user_name”: “redacted@gmail.com”,
“log_id”: “90020200712111048624000636608013511563534887935543345170”,
“_id”: “90020200712111048624000636608013511563534887935543345170”,
“isMobile”: false
}

Any idea what I’m doing wrong? Or have I tripped over something weird?

Thanks,

Mark

PS Obviously ‘hxxps’, ‘mydomain’, ‘mytenant’ and ‘redacted’ aren’t what I really see!

thameera · July 13, 2020, 1:17am

Hi @mahood73, that’s definitely not expected. One potential issue could be that you are using https://mytenant.eu.auth0.com/logout. Can you try https://mytenant.eu.auth0.com/v2/logout instead? (note the /v2 part)

Side note: noticed that you have client_id=secret in the URL. The value of that param should be the client ID and not the secret.

konrad.sopala · July 13, 2020, 8:05am

Let us know if what Thameera suggested solved your struggle!

mahood73 · July 13, 2020, 8:55am

Thameera,

thank you - that did indeed solve the problem! I think I got the URL I was using from the node.js quickstart, but I see in the API docs that it should contain ‘v2’.

And yes, my client_id is not ‘secret’, I am sending the right value, I just hid it for the post.

Thank you again!

Mark

konrad.sopala · July 13, 2020, 9:15am

No worries! We’re here for you!

system · July 28, 2020, 9:15am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

dan-auth0 · October 11, 2020, 5:59pm

Edit: I noticed that the Node.js Quickstart with Passport is already updated Auth0 Express SDK Quickstarts: Login

Howdy, Mark! I am going to request the Quickstart to be updated. I faced the same issue while update the " Node.js and Express Authentication Using Passport" tutorial.

Thanks, Thameera, for providing this solution!