Force logout causing Universal Login to run an infinite loop?

In our app we have a force logout functionality that we use to mark the users device as missing, and then clear out all the session ids. Then when trying to go to our app with the user that we just forced log out for we get an unauthorized error, but its an infinite loop, not allowing us to log in or do anything except be stuck in that loop. We are using webAuth Auth0 v9 universal login. Previously we were using AuthLock embedded login and it worked fine with that.

Hello, @nikhil.batta! Welcome to the Auth0 Community.

I believe that this might be caused by the three layers of Logout - application, Auth0, and IdP. You might be logging out the user of the application, but while the session still exists in Auth0, Auth0 is performing SSO into your application, and then your application kicking it back to Auth0 to authenticate, and then… well, you see the loop.

More information about the three layers of Logout can be found here: https://auth0.com/docs/logout

I also recommend that you check our document about logging users out of Auth0, as this might be just the final step that you need to implement: https://auth0.com/docs/logout/log-users-out-of-auth0

Let us know if this was indeed the issue, or if you have any further questions.