Logging Out of Android Using WebAuthProvider

Please include the following information in your post:

  • Which SDK this is regarding: com.auth0.android:lock:2.23.0 & com.auth0.android:auth0:1.27.0
  • Platform Version: Android 10

I cannot for the life of me get logout working. Seems to work when WebAuthActivity is used but when the CustomTabsController is used it does not.

What I am doing

I am logging in with the PasswordlessLockActivity like so which works fine:

val newLock = PasswordlessLock.newBuilder(account, lockCallback)
            .withAuthenticationParameters(mapOf("prompt" to "login"))
            .withScope("openid email profile")

I am not storing the access token returned so once I have used the access token to get the user’s email (if they have one) the access token is lost and not used anymore.

I believe I do need to use the WebAuthProvider to get rid of the SSO cookie. I do this like so:

            .start(context,object : VoidCallback {
                override fun onFailure(error: Auth0Exception) {
                    Timber.e(error,"Failed Auth0 logout")

                override fun onSuccess(payload: Void?) {
                    Timber.d("Successfully logged out of Auth0")

I have added multiple logout callback uris to my application on the dashboard. I have added multiple because I have different package names depending on whether I am running a debug or release variant. So the comma separated list looks something like this (substituting out placeholders)


I have debugged the calls and can confirm that the same uri the LogoutBuilder creates using the CallbackHelper.getCallbackUri method is included in the above list.

What I Expect

I expect to get a successful callback from the WebAuthProvider.logout method.

What is Happening

The WebAuthProvider callback is returning with an Auth0Exception.

The exception is returning with is the following and is created on line 48 of LogoutManager

    boolean resume(AuthorizeResult result) {
        if (result.isCanceled()) {
            Auth0Exception exception = new Auth0Exception("The user closed the browser app so the logout was cancelled.");
        } else {
        return true;

After following the code, it looks like AuthenticationActivity onResume is being called pretty much immediately and line 88 of AuthenticationActivity is getting called. I can also see its the CustomTabsController being used rather than the WebAuthActivity.

I have tested both on an emulator and my real device. Both have the same outcome.