How to clear Auth0 session cookie inside Action

jeremie.poisson · June 5, 2023, 8:23am

Hi,

We have a current workflow for authentication :

User access application
User is redirected to Auth0 New Universal Login
User authenticates to Custom Database (session cookie created)
User is redirected by Action to an external Custom MFA page
In some case MFA is not successfull → the MFA page redirect to Auth0 /continue URL so that Action can verify session token and invalidate it (it works)

The thing is that the last step simply blocks the authentication part using an api.access.deny(), but this doesn’t clear the session cookie. If we try to authenticate again we will skip the login/password page and get directly redirected to MFA pages.

How can we do this in Actions, if we can’t here how can we do it either in our custom MFA page (html/javascript) or inside application.

Thank you

dan.woda · June 13, 2023, 6:46pm

Hi @jeremie.poisson,

Does workaround described in this topic solve your issue?

jeremie.poisson · June 14, 2023, 6:29am

Hi,

Not a all.

But using api.redirect() with app logout URL instead of using api.acces.deny() does work though.

dan.woda · June 14, 2023, 12:21pm

If you didn’t want to redirect back to Auth0 (/continue), you should be able to logout directly from your custom MFA page.

jeremie.poisson · June 14, 2023, 12:59pm

Indeed, but my custom MFA page doesn’t have application context.

Auth0 Action does have it.

system · July 20, 2023, 3:34pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.