Context:
I’m using the auth0-js-spa SDK in my application. I have a unique use case: log the user out, remain on the same page, and perform an additional API call. I do not wish to use any redirects for the logout process.
Problem Statement:
I’ve noticed that using logout() with openUrl: false clears my app’s state but not the Auth0 session. From what I understand, /v2/logout is the URL responsible for clearing the Auth0 session, and it appears that when openUrl is specified as false, the SDK doesn’t visit the logout URL.
What I’ve Tried:
I experimented with passing a function to openUrl that opens /v2/logout in a hidden iframe. It seems to clear the Auth0 session, but I want to ensure that this is a robust solution.
Questions:
- Does Auth0 natively support the use case described above?
- Is the hidden iframe approach a robust solution for clearing the Auth0 session, or are there better alternatives?
Any guidance or suggestions would be highly appreciated