Yes, although not without problems (the docs are very, so to speak, Auth0-y, i.e., incomplete and scattered in a few places; more specifically, this page does not even mention that I have to set up the “allowed logout url”, rendering it basically useless as a “starting guide”). Finally I did manage that, and the python app behaves correctly.
I found this in the quickstart guide for NodeJS:
This tutorial implements logout by closing the local user session. After logging out, the user’s session in the Auth0 authentication server is still open. For other implementations, please refer to the logout documentation.
This might explain the problem. Still, it is very strange - a “quickstart” should imho show how to set up a minimal, but complete app. An app without a possibility of logging out is far from that.
Anyway, referring to the docs didn’t help much - I tried what was written there:
To force a logout, redirect the user to the following URL:
https://DOMAIN/v2/logout
but my problem persisted. More precisely, I changed the logout url in the layout.pug
file:
a(href="/user" ).w3-bar-item.w3-button Profile
- a(id="qsLogoutBtn" href="/logout").w3-bar-item.w3-button Log Out
+ a(id="qsLogoutBtn" href="https://DOMAIN/v2/logout").w3-bar-item.w3-button Log Out
else
After logout, the browser now says just “ok” - but this is a lie, I’m still logged in.
After reading the docs, I added ?returnTo=http%3A%2F%2Flocalhost%3A3000
to the logout url, hoping that at least I will return to the app after the supposed logout, but now something new happens:
Oops!, something went wrong
There could be a misconfiguration in the system or a service outage.
Interesting.
Anyway, what do I do now?