Log the user out of auth0 session after getting 401 response in nextjs sdk

  • Which SDK this is regarding: @auth0/nextjs-auth0
  • SDK Version: 1.6.1
  • Platform Version: Node 14

Hi! I’m trying to find a way to log the user out of auth0 session after getting 401 response from the API. What I do is I call window.location.assign('/api/auth/logout') after unauthorized response (because app session expired) but I don’t get logged out from auth0 session. This case is handled in this file nextjs-auth0/logout.ts at main · auth0/nextjs-auth0 · GitHub and it looks like condition on line 27 is true (when this is called after getting 401 response earlier from the API) so endSessionUrl is not called and user is not logged out of auth0 session.
After calling /api/auth/logout when the user is logged in in the app, same condition is false and the user gets logged out of auth0 session.
So my question is, is there any way to achieve what I want? And if it’s not supported do you think it makes sense to handle such case?

2 Likes

I’m experiencing the same issue. After following this example, once the user logs in, and are redirected to the unauthorized page, the client is unable to fully logout.

From what I’ve gathered, there are cookies being stored at https://.auth0.com/ and they are not being deleted despite visiting /api/auth/logout. Of course, it’s not possible to delete them from the main application because the different urls do not have access to such cookies.

We’ve got exactly the same issue and I am not sure how to handle that. Shouldn’t the UserProvider handle the expiration and redirection automatically?

My colleague found another community forum post about this same issue and the solution was to add this authorizationParams: { prompt: 'login' }, to the handleLogin function.

It should look something like this:

    handleLogin(req, res, {
        authorizationParams: { prompt: 'login' },
        returnTo: '/',
    })

The Auth0 team which maintains this project on github said that in such cases, in order to log the user out of auth0 session, I should call auth0 API directly Logout handler does not call the auth0 logout endpoint if the user is unauthorized · Issue #362 · auth0/nextjs-auth0 · GitHub. Haven’t tried the solution with authorizationParams yet.