I’m not using the ‘auth0.js’ cuz I’m building a regular web app with token based authentication. I try calling this
GET https://YOUR_AUTH0_DOMAIN/v2/logout?
client_id=YOUR_CLIENT_ID&
returnTo=LOGOUT_URL
in my front-end and back-end, but nothing seem to work cuz I still can login straight away without going through the permission asking page of IdP at least.
Am I missing something? is it the ‘auth0Client’ query parameter?
Hello @oldjoy,
Are you making sure to clear both the app and Auth0 session data? (and IdP session if you are using an external IdP?)
Thanks @markd for the response.
I’m authenticating with google IdP.
I seem to be having trouble clearing Auth0 session data cuz after logging out, I still can go straight to my app when calling the /authorize again.
In my react, I log out like this:
logout = () => {
localStorage.removeItem("expires_at");
goFetch("/logout"); // will call my server to remove the access_token cookie
window.location.href = `https://mari.eu.auth0.com/v2/logout?client_id=${
process.env.AUTH0_CLIENT_ID
}&returnTo=http://localhost:8081/`;
};
Here I clear the cookie in my nodejs:
server.get("/logout", (req, res) => {
// removes cookie by setting expires date to the past
res.cookie("access_token", "", {
expires: new Date(0),
path: "/"
});
});
And I sign up/sign in with google in my landing page:
<a href="https://mari.eu.auth0.com/authorize?response_type=code&scope=openid profile offline_access&client_id=ID&connection=google-oauth2&redirect_uri=http://localhost:3000/callback&audience=http://localhost:3000">Signup />