How to clear Auth0 session cookie inside Action

Hi,

We have a current workflow for authentication :

  • User access application
  • User is redirected to Auth0 New Universal Login
  • User authenticates to Custom Database (session cookie created)
  • User is redirected by Action to an external Custom MFA page
  • In some case MFA is not successfull → the MFA page redirect to Auth0 /continue URL so that Action can verify session token and invalidate it (it works)

The thing is that the last step simply blocks the authentication part using an api.access.deny(), but this doesn’t clear the session cookie. If we try to authenticate again we will skip the login/password page and get directly redirected to MFA pages.

How can we do this in Actions, if we can’t here how can we do it either in our custom MFA page (html/javascript) or inside application.

Thank you

Hi @jeremie.poisson,

Does workaround described in this topic solve your issue?

Hi,

Not a all.

But using api.redirect() with app logout URL instead of using api.acces.deny() does work though.

1 Like

If you didn’t want to redirect back to Auth0 (/continue), you should be able to logout directly from your custom MFA page.

Indeed, but my custom MFA page doesn’t have application context.

Auth0 Action does have it.

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.