Blazor webassembly "User successfully logged out" followed by "Successful silent auth"?

Macrossium · August 19, 2021, 1:55am

Hi Auth0 Community,

I’ve implemented auth0 in my blazor webassembly app based on the great guide:

It’s worked really well except for a problem where sometimes the logout seems to fail about 20% of the time.

After trying several different things to no avail I had a look at the log found in auth0 “Monitoring” → “Logs” and looked at what the log generates in the two scenarios.

When I reproduce the problem (where the logout seems to fail) I see that there is a “Success Logout” type message followed by two of each “Success Exchange” and “Success Silent Auth” type messages.

The client_id, hostname, user_id and user_name are the same in all the messages. The session_id is also the same but not present in the “Success Exchange” message.

One of the “Success Exchange” and one of the “Success Silent Auth” messages have a date after the “Success Logout” date. Refreshing the page continues to generate “Success Exchange” and “Success Silent Auth” and the application reflects that the user is authenticated.

In the case where the problem does not occur (the logout works) I get a “Success Logout” followed by a “Failed Silent Auth” which is what I would expect.

So my question is how is it possible to have a message type of “Success Logout” followed by a “Success Exchange” and “Success Silent Auth” from the same user without a “Success Login” in between?

I originally thought that this might be due to an error that I made configuring my test auth0 environment but I have been able to reproduce this same problem after swapping to my companies auth0 environment as well.

I have made some changes beyond the guide I listed above which may be the cause of my problems but at this stage I’m trying to work out how the log can be reporting what it is reporting.

Any help would be greatly appreciated!

Kind regards,
Macrossium

smfields · February 6, 2022, 2:33am

Were you ever able to resolve this issue?

I’m running into this issue as well, and it appears to me like what’s happening is that whenever a logout action is triggered via the RemoteAuthenticatorView, two requests are almost simultaneously sent out. The first is a call to the logout endpoint, followed by a call to the authorize endpoint. If the call to the authorize endpoint returns first then the logout “fails”.

Macrossium · February 6, 2022, 9:25pm

Hi smfields,

In the end I was able to resolve my issue.

The issue appeared to be caused by having an object dependency injected as a singleton (AddSingleton) that had SignOutSessionStateManager and AuthenticationStateProvider injected into it.

Once I changed my object to be dependency injected as scoped (AddScoped) the log out issue disappeared.

I was lead to this conclusion as I had another singleton object that was dependency injected that also used AuthenticationStateProvider that would query AuthenticationStateProvider.GetAuthenticationStateAsync() every few seconds and I noticed that this call would return that the AuthenticationState was NOT authenticated sometimes even after the user had successfully logged in. If it was incorrect it would eventually start returning the correct AuthenticationState after about 15 seconds.

Once I changed this object to scoped (AddScopped) the AuthenticationState was correct immediately.

I hope this help you as I know it is a frustrating issue!

Kind regards,
Macrossium

konrad.sopala · February 7, 2022, 10:38am

Wooohooo! Glad it’s working now!

system · February 22, 2022, 10:39am

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.