Log out now unusually auto logging back in

Help
,
1

- What are you trying to achieve? What is the use case or idea behind it?

A previously working (for months) log out has now unusually started to auto log back in when I try and log users out.

- If this is caused by an SDK please mention the SDK along with the specific version number.

“auth0-js”: “8.11.3”,

- Is this easily reproducible? If not, please explain.

Yes - now doing it every time

- If this is related to Lock / any SDK please share the SDK as well as lock initialization code or any code that is relevant.

Using Auth0 hosted login

- If this is an issue with an API please mention the endpoint you are trying to hit. Relevant code, and or a network trace, is really helpful when debugging such issues.

- Environment-specific information (Which OS, Language Runtime + Version, Browser etc).

React SPA - very similar to this
https://github.com/auth0-samples/auth0-react-samples/blob/master/01-Login/src/Auth/Auth.js
Logout functionality is exactly the same as described by Auth0 samples

2

if you’re using the SDK, are you using prompt=none or checksession? Also how are you logging in the user?

3

So my constructor for auth0 is basically the same as the React SPA guide.

constructor() {
        let hostname = window.location.hostname;

        this.auth0 = new auth0.WebAuth({
            domain: process.env.AUTH0_DOMAIN,
            clientID: process.env.AUTH0_CLIENT_ID,
            redirectUri: `${window.location.protocol}//${hostname}/callback`,
            audience: `${process.env.AUTH0_AUDIENCE}`,
            responseType: 'token id_token',
            scope: 'openid profile app_metadata roles'
        });

        this.login = this.login.bind(this);
        this.logout = this.logout.bind(this);
        this.handleAuthentication = this.handleAuthentication.bind(this);
        this.isAuthenticated = this.isAuthenticated.bind(this);
        this.userHasScopes = this.userHasScopes.bind(this);
    }
  
    login() {
        this.auth0.authorize();
    }
  
    handleAuthentication() {
        this.auth0.parseHash((err, authResult) => {
            if (authResult && authResult.accessToken && authResult.idToken) {
                this.setSession(authResult);
                history.replace('/');
            } 
            else if (err) {
                console.log(err);
                alert(`Error: ${err.error}. Check the console for further details.`);
            }
        });
    }
4

Could you share a HAR-file (please make sure to remove any sensitive details such as passwords) so that we can inspect what’s going on further?

You can upload it to a cloud storage service of your choice (e.g. Google drive), and share the link with me (via PM) or feel free to restrict access to the link for only @auth0.com email addresses using Sharelock.io.

5

Thanks for sending that - we’re looking it over right now

6

Great thank you - let me know what I messed up :wink:

7

@james.heggs we are in the process of refactoring our session and state management to enable new features, and a validation done to improve the SSO experience had a bug. Since you were not logging out the user from auth0 (just deleting the state of your app), the user was being logged in automatically because of SSO.

You should be good to go now. Let me know if that is not the case!

8

Yep thats resolved it now thank you!!!

If it is a longer term fix – it might be worth taking a look at the React SPA guide and github code with the updates for logging out the session as well.

https://github.com/auth0-samples/auth0-react-samples/tree/master/01-Login

Thanks again

1 Like
9

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.