I have 2 applications: React+Node and a HubSpot application.
I have used Auth0 for SSO for both apps and registered the applications in the same tenant.
The React+Node setup uses express-openid-connect in the Node app for authentication.
Now, when a user logs out from either application (HubSpot or React), I want to invalidate the other application’s session and the underlying Auth0 session as well.
I was able to invalidate the underlying Auth0 session in the Express app, but it still doesn’t invalidate the HubSpot session,
and in HubSpot’s case, it doesn’t clear the underlying Auth0 session as well as the React session.
To invalidate the Auth0 Session Layer, your user needs to hit the /logout endpoint. Can you confirm that the log out is hitting that endpoint successfully?
Additionally, the application session needs to be invalidated (by deleting or expiring tokens). This is a bit more complex, because there is no Single Logout Feature for Auth0 database connections (yet).
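One way to confirm that a logout actually reaches the Auth0 logout endpoint is to inspect the `Location` header that each application's logout route returns. This is an added example, not code from the thread or from Auth0; `checkLogoutRedirect`, the tenant domain, the client ID and the URLs are constructed placeholders, and it assumes Auth0's `/v2/logout` and `/oidc/logout` endpoint paths.

```javascript
// Added example: classify the redirect issued by an app's logout route.
// A logout that never redirects to the tenant's logout endpoint only clears
// the local application session and leaves the Auth0 session cookie alive.
const AUTH0_LOGOUT_PATHS = new Set(['/v2/logout', '/oidc/logout']);

function checkLogoutRedirect(location, tenantDomain) {
  let url;
  try {
    url = new URL(location); // throws on relative values such as "/"
  } catch {
    return { hitsAuth0: false, reason: 'relative or invalid redirect: local session only' };
  }
  if (url.hostname !== tenantDomain.toLowerCase()) {
    return { hitsAuth0: false, reason: `redirect goes to ${url.hostname}, not the tenant` };
  }
  if (!AUTH0_LOGOUT_PATHS.has(url.pathname)) {
    return { hitsAuth0: false, reason: `${url.pathname} is not a logout endpoint` };
  }
  const q = url.searchParams;
  return {
    hitsAuth0: true,
    endpoint: url.pathname,
    clientId: q.get('client_id'),
    // Where the browser lands afterwards; name differs between the two endpoints.
    returnTo: q.get('returnTo') || q.get('post_logout_redirect_uri'),
  };
}

// Constructed sample values, as they might be captured from each app's logout response.
const TENANT = 'example-tenant.us.auth0.com';
const samples = {
  expressApp: `https://${TENANT}/v2/logout?client_id=CONSTRUCTED_CLIENT_ID&returnTo=https%3A%2F%2Fapp.example.com`,
  localOnly: '/',
  otherHost: 'https://app.example.com/',
  wrongPath: `https://${TENANT}/authorize?client_id=CONSTRUCTED_CLIENT_ID`,
};

function runSamples() {
  const out = {};
  for (const [name, loc] of Object.entries(samples)) {
    out[name] = checkLogoutRedirect(loc, TENANT);
  }
  return out;
}

console.log(runSamples());
```
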
This is a heads-up that we’re hosting an Ask Me Anything (AMA) session dedicated to Auth0 sessions, refresh tokens, and the Management API. Our product experts will be on hand February 12, 2025, from 8 AM to 10 AM PST to answer all your questions—no matter how basic or advanced they may be! You can submit your queries anytime from now until February 11, and we’ll provide detailed written answers during the live event.
This is a fantastic opportunity to learn best practices around session management, refresh token rotation, and the Management API. Plus, everyone who participates gets points and a special badge just for joining in on the fun.
If you have any burning questions (or even casual curiosities!), feel free to drop them in this thread. We can’t wait to see what you’re working on and how we can help you optimize your Auth0 setup. See you there!