How to Enable the OIDC Logout URL in the Discovery URL

lihua.zhang · March 23, 2023, 8:10pm

Problem statement

This article explains how to enable the OIDC logout URL to be available in the OIDC discovery endpoint.

curl -X GET https://acme.eu.auth0.com/.well-known/openid-configuration
{
  "issuer": "https://acme.eu.auth0.com/",
  "authorization_endpoint": "https://acme.eu.auth0.com/authorize",
  ...
  "end_session_endpoint": "https://acme.eu.auth0.com/oidc/logout"
}

Cause

The RP-initiated logout endpoint, also known as the OIDC Endpoint logout endpoint, is currently available for all Auth0 tenants. However, the URL is unavailable in the tenant’s OIDC discovery endpoint yet to protect the users unexpectedly bouncing into the new logout UX in Auth0’s Next.js and Express SDKs. This will change with the future releases of SDKs.

Solution

Update tenant settings Management API can be used to enable this feature.

Set rp_logout_end_session_endpoint_discovery to true, E.g.:

{ "oidc_logout": { "rp_logout_end_session_endpoint_discovery": true } }