Problem statement
This article explains how to make the OIDC logout URL (end_session_endpoint) available in the tenant's OIDC discovery endpoint, for example:
curl -X GET https://acme.eu.auth0.com/.well-known/openid-configuration
{
  "issuer": "https://acme.eu.auth0.com/",
  "authorization_endpoint": "https://acme.eu.auth0.com/authorize",
  ...
  "end_session_endpoint": "https://acme.eu.auth0.com/oidc/logout"
}
Cause
The RP-initiated logout endpoint, also known as the OIDC Endpoint logout endpoint, is currently available for all Auth0 tenants. However, the URL is not yet published in the tenant’s OIDC discovery endpoint, to protect users from unexpectedly bouncing into the new logout UX in Auth0’s Next.js and Express SDKs. This will change with future releases of the SDKs.
Solution
The Update tenant settings Management API endpoint can be used to enable this feature.
Set rp_logout_end_session_endpoint_discovery to true, e.g.:
{ "oidc_logout": { "rp_logout_end_session_endpoint_discovery": true } }
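To confirm the setting took effect, a client can inspect the discovery document before relying on end_session_endpoint. The Python below is an added example, not Auth0's own code: it assumes the Update tenant settings call is a PATCH to /api/v2/tenants/settings with a Management API token (a placeholder here), and the same-host check is a local policy choice. The sample documents are constructed.

```python
import json
import urllib.request
from urllib.parse import urlsplit

def build_enable_request(tenant_domain, mgmt_token):
    """Build (without sending) the tenant-settings PATCH that sets the flag."""
    body = {"oidc_logout": {"rp_logout_end_session_endpoint_discovery": True}}
    return urllib.request.Request(
        f"https://{tenant_domain}/api/v2/tenants/settings",  # assumed path
        data=json.dumps(body).encode(),
        method="PATCH",
        headers={"Authorization": f"Bearer {mgmt_token}",
                 "Content-Type": "application/json"},
    )

def fetch_discovery(tenant_domain):
    """Fetch the live discovery document (network call, unused in the demo)."""
    url = f"https://{tenant_domain}/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)

def logout_endpoint_from_discovery(doc):
    """Return the advertised end_session_endpoint, or None if it is absent.

    Raises ValueError when the endpoint is not HTTPS or is on a different
    host than the issuer (a local policy choice, not an Auth0 requirement).
    """
    endpoint = doc.get("end_session_endpoint")
    if not endpoint:
        return None  # flag still off: caller keeps its existing logout path
    issuer, ep = urlsplit(doc.get("issuer", "")), urlsplit(endpoint)
    if ep.scheme != "https" or not ep.hostname or ep.hostname != issuer.hostname:
        raise ValueError(f"refusing logout endpoint {endpoint!r}")
    return endpoint

# Constructed sample documents, modelled on the response shown in this article.
BEFORE = {"issuer": "https://acme.eu.auth0.com/",
          "authorization_endpoint": "https://acme.eu.auth0.com/authorize"}
AFTER = dict(BEFORE, end_session_endpoint="https://acme.eu.auth0.com/oidc/logout")

if __name__ == "__main__":
    req = build_enable_request("acme.eu.auth0.com", "MGMT_API_TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode())
    print("before:", logout_endpoint_from_discovery(BEFORE))
    print("after: ", logout_endpoint_from_discovery(AFTER))
```

Pass the result of fetch_discovery to logout_endpoint_from_discovery to run the same check against a live tenant.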