Delete cookie on logout - webAuth.authorize();

:wave: we have Nico who provided some further information on the logout functionality that may be useful/helpful for specific cases, found here: Auth0 SLO where Auth0 acts both IDP and SP - #7 by nicolas_sabena

I am copying over the post from the above thread:

I can confirm that, as of now, Auth0 will not reach out to the upstream identity provider (a “federated” logout) if the original logout request was a SAML logout request (i.e. it came from a SAML service provider).
Auth0 will issue a logout request to the upstream IdP if the strategy supports it (that’s what the logout URL is for in SAML connections) when you use the /v2/logout endpoint with the ?federated option (see Logout). This endpoint is meant to be used by OAuth2/OIDC clients mostly. You can’t use it from a SAML relying party, though, because it does not do the SAML SLO (does not send a SAML logout request to all other participant service providers).

So, to sum up, regardless of the protocol used in the upstream connection,:

  • SAML logout requests from SPs will not cause a logout request to the upstream connection.
  • WS-Federation logout requests will cause a logout request to the upstream connection (if supported).
  • /v2/logout will cause a logout request to the upstream connection (when supported) if the federated parameter is used.

I do agree that the above behavior is somewhat inconsistent and could be improved. If this is something you need, I would encourage you to leave feedback at https://auth0.com/docs/feedback, as customers requests will help the Product team prioritize features.

Please let me know if this helps clarify things. If not, simply let me know and I can have someone jump in to help clarify any processes further on how they are intended to behave!