I have a standard web app that was set up using your quick start guide: Auth0 Express SDK Quickstarts: Login
The web app has a single enabled enterprise connection set up with Azure Active Directory.
The web app needs to support federated logout, so I’ve added the &federated parameter to the logout URL as described here: Log Users Out of Identity Providers
My issue is that there is a seemingly random chance that logout does not redirect the user to the correct federated logout URL. After clearing the user session in the web app, we redirect to our Auth0 tenant just as the quick start has it (but with the federated parameter).
50% of the time the user is then redirected to the AAD logout URL: https://login.microsoftonline.com/**<connection-name>**/oauth2/logout?post_logout_redirect_uri=https://**<tenant-name>**.auth0.com/login/callback?returnTo=**<redirect-url>**
and is then logged out of AAD.
The other 50% of the time the user is redirected to https://login.microsoftonline.com/oauth2/logout?post_logout_redirect_uri=https://**<tenant-name>**.auth0.com/login/callback?returnTo=**<redirect-url>**
and Microsoft returns a 404 page. The difference between these URLs is that the connection name is not included in the failure case. Looking through the Microsoft docs, it seems that they are expecting the URL to be /common/oauth2/logout (OpenID Connect (OIDC) on the Microsoft identity platform - Microsoft Entra | Microsoft Learn), which doesn’t match either of these.
The inconsistent redirect URL returned by Auth0 does not seem to be controllable by my web app’s logic, so I am at a loss as to how to debug this. Any help would be appreciated!