Having trouble with logout on the sample NodeJS app

I have been going back and forth between the documentation and a few other forum post, but I for the life of me cannot figure out how to get the logout feature to work and clear the session.

Here is what I have tried

router.get(‘/logout’, (req, res) => {
req.logout({
returnTo: “http%3A%2F%2Flocalhost:3000”,
client_id: “MYCLIENTIDHERE”
});
res.redirect(‘/’);
});

and

// Perform session logout and redirect to homepage
router.get(‘/v2/logout?returnTo=http%3A%2F%2Flocalhost:3000&client_id=MYCLIENTIDHERE’, (req, res) => {
req.logout();
res.redirect(‘/’);
});

Is there something simple that I am missing? Please let me know if any additional information is needed. Thanks in advance!

Hi @keepitsane

The first one you tried should be correct.

What’s the particular issue you are having? Are you receiving an error message?
The Auth0 logs can help identify the issue so it helps to check those as well.

When I try the first one I get no response at all, and nothing in the logs even shows up for the event.

I have also tried including these as the allowed logout urls http://localhost:3000/logout, http://localhost:3000

It still just does nothing just redirects to homepage after I click the logout button. Then when I click the sign in it does not even prompt to login back in, just pushes the previously signed in user through to the application.

1 Like

Can you provide me with a HAR file so I can investigate why the browser says “ok” while you’re still logged in?
How to troubleshoot with HAR files and steps to generate a HAR file:

Thanks for help and sorry for inconveniences!

@konrad.sopala

Here is the HAR file that you requested. Also sorry about the duplicate posts.
localhost.har (679.4 KB)

Please let me know if any additional information is needed! Thanks once again for the help

Was there ever a solution found to this issue?
If so, could the fix be posted and described here?

No it wasn’t the issue still persists. No one ever got back to me.

1 Like

I am experiencing the same issue with your nodejs example, provided in the documentation.
Is there something missing from that source code I am missing to clear the session?

After logging out, I’ve cleared the session in the browser and as the previous user described it, I can just click login and it doesn’t prompt but logs right in.

I have found a solution which is in the documentation, tho it took a bit of reading to find it.

In short, you can destroy your session for the user in Node, however the session still exists on the Auth0 platform. So its important to call the https://.auth0.com/v2/logout path to tell Auth0 to drop the session.

More information on the endpoint: Authentication API Explorer

I hope that helps you as it has helped me :slight_smile:

1 Like

You got this to work? Because in my first post I do this and it doesn’t work. You think you could post the code snippet of your logout route so I could compare.

Your code looks like your calling your node instance, not the Auth0 /v2/logout endpoint
Here is some code, hope it helps!

/* LOGOUT ROUTER */
router.get('/logout', (req, res) => {
  req.logout();
  if (req.session) {
    req.session.destroy(function (err) {
      if (err) {
        console.log(err)
      }
      console.log("Destroyed the user session on Auth0 endpoint");
      res.redirect('https://<myapp>.auth0.com/v2/logout?client_id=<clientId>&returnTo=http://localhost:3000/');
    });
  }
});

Also, make sure your returnTo address is in your applications configuration under “Allowed Logout URLs” This tells the endpoint its allowed to redirect your users to the given address.

Best of Luck!

1 Like

The solution provided by @calvincs seems totally fine. @keepitsane please let us know if it works for you too otherwise we’ll dig into your HAR file!

@konrad.sopala I face the problem that when I call mytenant.eu.auth0.com/v2/logout I get CORS error.
I’ve set allowed callback urls to http://localhost:4200/callback, http://localhost:4200/. When I call the logout url directly from browser it logs me out, but calling the endpoint from the app throws the error

http://localhost:4200’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

This Seamless SSO thing is really a nasty thing and also there is no mention of this in any of the guides… Thanks

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.