JavaScript library auth0-spa-js : logout does not work, user stays logged in.

The user can log in correctly but the logout does not work. I have tried v1.8, v1.9 the latest 1.13. I have also tried https://your-tenant-name.auth0.com/v2/logout?returnTo=the-url-you-want-to-go-back-to-after-logout&client_id=client-id-of-the-application-in-your-tenant without success.

After the call to auth0.logout, the user is redirected to the local start page and auth0.isAuthenticated correctly shows as false. However, when auth0.login is called the user is taken to the callback page with the user automatically logged in. There was no prompt for the username/password.

Hi @teresahoes,

Welcome to the Community.

How are you implementing logout? Did you use a quickstart?

Hi Dan

We are using the auth0-spa-js library inside an old MVC .Net web app. The first time in a new browser or the next day, the first login process works fine the first time but can never log out correctly.

  • The user clicks log in

auth0.loginWithRedirect({redirect_uri: mrc_auth0RedirectUri})

  • The Auth0 login page appears, the user logs in and then redirected to the call back page (for testing I am using the same page for the redirect, the behavior is the same with a different callback page)
  • The user is now logged in, can view the user name etc.
  • The user clicks log out

auth0.logout({ client_id: ‘xxxx’, returnTo: mrc_auth0RedirectUri });

  • The user is logged out - auth0.isAuthenticated() returns false
  • The user clicks log in

auth0.loginWithRedirect({redirect_uri: mrc_auth0RedirectUri})

  • The client page is refreshed and the user is now logged in without having to enter credentials.
  • auth0.handleRedirectCallback() returned correctly and auth0.getUser() returned the logged in user information.

Starting a new incognito browser does display the Auth0 login screen for the first time. Using edge has the same behavior.

1 Like

I’ve seen a similar behavior with Auth0 React which is a wrapper around the SPA code.

Chrome Regular Window

  1. Login
  2. Auth0 login displayed
  3. User is logged in
  4. Close browser window
  5. Open browser window and navigate to site
  6. User is STILL logged in

Chrome Incognito Window

  1. Login
  2. Auth0 login displayed
  3. User is logged in
  4. Close browser window
  5. Open browser window and navigate to site
  6. User is NOT logged in

In our situation the Incognito behavior is what our business process calls for but we have not been able to figure out how to implement the behavior in the regular browser window.

1 Like

Thanks for adding to the conversation @MHC-Pels.

Can one of you try running an unmodified quickstart and see if you still have the same behavior?

Also, does it also happen in other browsers? Safari, Firefox etc.