Conform to OpenID logout specification

The logout endpoint (/v2/logout) does not seem to conform to the OIDC specification, which says that the redirect URL should be defined in the post_logout_redirect_uri parameter:

However, Auth0 is using a returnTo parameter instead:

I tried using post_logout_redirect_uri in my logout request despite the documentation; however, it did not redirect.

This means that OIDC libraries/packages/etc. can’t be used to log out of Auth0 in a user-friendly way because they are not redirected back to the application as intended.

I did some searching and know this topic is similar to these others; however, they were closed without any resolution:

Hey there @bgustafson welcome to the community!

Thanks for bringing this up - As of now, you are correct in that this does not conform to the OIDC spec but is instead proprietary to Auth0. We are well aware of this discrepancy and there has been significant discussion internally on how to best add this to the product, but as of now returnTo is the only option. I 100% understand this is not ideal and causes issues when working with 3rd party OIDC libraries/packages/SDKs etc. and hope that we can conform to this part of the spec at some point in the near future.

I unfortunately do not have a timeline as to when or if this will be implemented, but I definitely encourage you to add this as feedback here in the community - This is monitored by our team and it would be a good place to get a feel for how many developers this is affecting.

Thank you!

Thanks for the reply! I switched this post to be in the Feedback category thinking it would be better so that it’s not duplicated. Or, do you prefer / is it better that they be separate posts (I see this topic will be closed 15 days after last reply)?


No problem! Perfect, thanks for doing that. I removed the timer so we’re good to go there - Hopefully this gets some traction with other community members ⬆️
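Until the endpoint accepts post_logout_redirect_uri, an application can translate the logout URL its OIDC library builds into the returnTo form discussed in this thread. The sketch below is an added example, not code from the thread or from Auth0; the hostnames, the allow-list, the function name and the use of a client_id parameter are assumptions.

```javascript
// Added example: adapter from an OIDC RP-initiated logout request to the
// /v2/logout?returnTo=... form described in this thread.
// All hostnames and values below are constructed for illustration.

// Hypothetical allow-list of URLs the app accepts being sent to after logout.
const ALLOWED_RETURN_URLS = new Set([
  "https://app.example.com/signed-out",
]);

// Hypothetical helper. Takes the logout URL a generic OIDC library produced
// (carrying post_logout_redirect_uri) and returns the equivalent URL for the
// tenant's /v2/logout endpoint (carrying returnTo).
// id_token_hint and state are not forwarded, so the caller loses the
// state round-trip that the OIDC logout flow would otherwise provide.
function toAuth0LogoutUrl(oidcLogoutUrl, tenantOrigin, clientId) {
  const src = new URL(oidcLogoutUrl);
  const target = src.searchParams.get("post_logout_redirect_uri");
  const out = new URL("/v2/logout", tenantOrigin);

  if (target !== null) {
    // Exact-match comparison only: prefix or substring checks on a redirect
    // target are how a logout endpoint becomes an open redirect.
    if (!ALLOWED_RETURN_URLS.has(target)) {
      throw new Error("post-logout redirect not on allow-list: " + target);
    }
    out.searchParams.set("returnTo", target);
  }

  // Assumption: the endpoint also accepts client_id. The thread itself only
  // mentions returnTo, so pass null here if that does not apply.
  if (clientId) {
    out.searchParams.set("client_id", clientId);
  }
  return out.toString();
}
```
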