I figured out a solution to this. Here’s what I did.
The reason this isn’t working is because the Auth0 NextJS handleLogout just deletes the cookie set on your AUTH0_BASE_URL, but it doesn’t delete the cookie on your AUTH0_ISSUER_BASE_URL, so when you log in after logging out, it redirects to that issuer URL, sees a valid auth cookie and signs you right back in.
What I found is Auth0 has a /v2/logout endpoint that deletes the cookie from the issuer URL, so if you redirect to that endpoint after the handleLogout it will also remove the cookie from your AUTH0_ISSUER_BASE_URL. Here’s my implementation.
/api/auth/[auth0]/route.ts
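```ts
import { handleAuth, handleLogout } from '@auth0/nextjs-auth0';

// After the SDK clears the app session, send the browser to the issuer's
// /v2/logout endpoint so the cookie on AUTH0_ISSUER_BASE_URL is removed too.
const logoutUrl = [
  `${process.env.AUTH0_ISSUER_BASE_URL}/v2/logout?`,
  `client_id=${process.env.AUTH0_CLIENT_ID}`,
  // Encode returnTo so the URL's own ":" and "/" stay inside one parameter value.
  `&returnTo=${encodeURIComponent(process.env.AUTH0_BASE_URL ?? '')}`,
];

export const GET = handleAuth({
  logout: handleLogout({ returnTo: logoutUrl.join('') }),
});
```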
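
An added example, not part of the original post or of the Auth0 SDK: one way to assemble the same `/v2/logout` URL so that missing settings fail loudly, every parameter is percent-encoded, and a caller-supplied return path cannot leave the app's origin. `buildLogoutUrl`, `LogoutConfig` and the sample values in the comments are hypothetical; whatever `returnTo` it yields still has to be listed in the application's Allowed Logout URLs.

```typescript
// Added example: buildLogoutUrl and LogoutConfig are hypothetical names,
// not part of @auth0/nextjs-auth0.
interface LogoutConfig {
  issuerBaseUrl: string; // value of AUTH0_ISSUER_BASE_URL
  clientId: string;      // value of AUTH0_CLIENT_ID
  baseUrl: string;       // value of AUTH0_BASE_URL
}

function buildLogoutUrl(cfg: LogoutConfig, returnPath: string = '/'): string {
  // Fail loudly on missing configuration instead of emitting
  // "undefined/v2/logout?client_id=undefined".
  if (!cfg.issuerBaseUrl || !cfg.clientId || !cfg.baseUrl) {
    throw new Error('issuerBaseUrl, clientId and baseUrl are all required');
  }

  const base = new URL(cfg.baseUrl);
  // Resolve the post-logout destination against the app's own origin.
  const returnTo = new URL(returnPath, base);
  // Reject anything that escapes the app origin (absolute URLs, "//host"
  // paths), so a path taken from a request cannot turn logout into an
  // open redirect.
  if (returnTo.origin !== base.origin) {
    throw new Error('returnTo must stay on ' + base.origin);
  }

  // new URL() tolerates a trailing slash on the issuer value.
  const logout = new URL('/v2/logout', cfg.issuerBaseUrl);
  // searchParams.set percent-encodes each value, so "&", "?" or "#" inside
  // returnTo cannot add or override logout parameters.
  logout.searchParams.set('client_id', cfg.clientId);
  logout.searchParams.set('returnTo', returnTo.toString());
  return logout.toString();
}
```

In the route file above, the result would be passed as `handleLogout({ returnTo: buildLogoutUrl({...}) })` with the three values read from `process.env`.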