Thanks for the reply. I’ve read through the SSO docs. Is SSO enabled by default? The docs essentially say to use universal login, which most of the samples and quickstarts appear to already use. Just double checking in case I missed something, thanks.
I am also confused as to how to implement a single sign out. Again I’ve read the docs - Logout. The docs talk about clearing application, Auth0 and IdP sessions.
However https://YOUR_AUTH0_DOMAIN/v2/logout does not appear to work. The example repos also do not use this Auth0 endpoint, instead they only remove their relevant cookie entries.
So I tried to combine them but without success. My user was still logged in on the other app.
#JS code snippet
    logout () {
      // Clear access token and ID token from local storage
      localStorage.removeItem('access_token')
      localStorage.removeItem('id_token')
      localStorage.removeItem('expires_at')
      this.userProfile = null
      this.authNotifier.emit('authChange', false)
      window.location.replace('https://yourURLhere.auth0.com/v2/logout?returnTo=http%3A%2F%2Flocalhost:3000')
    }
A code snippet as to how to implement a single sign out would be helpful.
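The three session layers named in the question (application, Auth0, IdP), sketched as an added JavaScript example that is not part of any post in this thread or of Auth0's samples. The function names, the in-memory storage stand-in and the domain and client ID values are illustrative placeholders, and it assumes each other app detects sign-out by running a silent authentication request (`prompt=none`) and passing the result to `onSilentAuthResult`.

```javascript
// Added example. All names here are hypothetical; domain and client ID
// values passed in are placeholders.
const TOKEN_KEYS = ['access_token', 'id_token', 'expires_at'];

// Layer 1: application session. Every app holds its own copy of the tokens,
// so clearing storage in one app never signs the user out of another.
function clearLocalSession(storage) {
  for (const key of TOKEN_KEYS) storage.removeItem(key);
}

// Layers 2 and 3: Auth0 session and (optionally) the upstream IdP session.
// /v2/logout takes returnTo, client_id and federated query parameters.
// returnTo has to be listed in the Allowed Logout URLs settings.
function buildLogoutUrl({ domain, clientId, returnTo, federated = false }) {
  const url = new URL(`https://${domain}/v2/logout`);
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('returnTo', returnTo); // percent-encoded for us
  return federated ? `${url}&federated` : url.toString();
}

// In every *other* app: after a silent authentication attempt (prompt=none),
// OIDC reports login_required when the authorization server session is gone.
// Only that error drops the local tokens; a network or timeout error does not.
function onSilentAuthResult(err, storage) {
  if (err && err.error === 'login_required') {
    clearLocalSession(storage);
    return 'signed_out';
  }
  return err ? 'unknown' : 'signed_in';
}

// Constructed stand-in for window.localStorage so the example runs in Node.
function memoryStorage(initial = {}) {
  const m = new Map(Object.entries(initial));
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
  };
}

// The app the user clicks "log out" in: clear local state, then return the
// URL the browser should be sent to (window.location.replace in a real page).
function logout(storage, config) {
  clearLocalSession(storage);
  return buildLogoutUrl(config);
}
```

In a browser, pass `window.localStorage` as `storage` and navigate to the URL that `logout` returns.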
Just thinking out loud (have not tried this) and doesn’t really solve OP’s immediate problem, but: Would it be possible to implement single sign out with an OAuth-enabled proxy? E.g., AWS load balancers now support OAuth for access control to resources behind the LB. Point the LB at an Auth0 client. User authenticates, SSO gets them into other apps behind the LB seamlessly. On logout, clear the LB token. Now the LB denies access to the other apps, even if the user has valid tokens for those apps.