In my tenant there are two SPA applications connected with no social logins. Signing in at one application signs me up at another. But I’ve to logout from those separately. Is there any way to logout from all the applications at once?
Hi @DawnMD
Welcome to the Auth0 Community.
We discuss your options in logging out of multiple applications here, in brief you can either configure short timeouts in your local session and redirect to Auth0 regularly to re-authenticate or handle at application level and let other applications know a log out has occurred in which case they should also logout, please see https://auth0.com/docs/authenticate/login/logout/log-users-out-of-applications
Warm regards.
1 Like
Following the second option i.e letting the other application know from within application itself, should I just call /logout ending with different clientID during logout?
Hi @DawnMD
Yes call logout from the respective applications using the correct client_id for that application as Auth0 will use the client_id to get the authorised redirect_uri’s to ensure the redirect_uri passed into logout is authorised.
Warm regards.
1 Like
What I was trying for example I’m in application B and I call logout from useAuth0 two times with client ID of app A and client ID of app B. But then when I visit application A its still in logged in state, no results after a hard refresh. Anything I’m understanding wrong here?
Thanks you
Hi @DawnMD
It doesn’t quite work that way, you would need to call logout from application a with the client_id for application a and then call logout from application b with the client_id of application b.
Therefore you would need a way to inform application b that a logout has been performed on application a so it too needs to perform a logout.
One way you may implement this is possibly having your own session management API, a user logout on one app sets a flag there (posting the user_id, email, connection, client_id etc). You have key pages in your applications that poll your session management API and if a record exists for the user and connection, this indicates a logout has occurred (check if the logout is recent using a configurable threshold maybe) then within that application redirect the user to our logout endpoint and perform any application level session clear up if relevant.
I hope this helps.
Warm regards.
2 Likes
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.