We wanted to have a workflow where, when the user logs out in a NextJS app, they are (as is typical) sent to /api/auth/logout. By default, this seems to not require re-authenticating with Auth0. It’s unclear to me if this is the right workflow, but we implemented this solution to make that stronger (so we think): Logging out completely - #4 by allistair
But this periodically causes this issue:
The error message notes that this URL is invalid, due to the returnTo not having a valid URL (it is however in our allowed list as directed by the second two posts).
https://dev-FAKE.us.auth0.com/v2/logout?client_id=OURS_HERE&returnTo=http://localhost:3000
but if I look at the actual browser URL it’s (line break added after returnTo for clarity):
https://dev-FAKE.us.auth0.com/v2/logout?client_id=OURS_HERE&returnTo=
https%3A%2F%2Fdev-FAKE.us.auth0.com%2Fv2%2Flogout%3Fclient_id%3DOURS_HERE%26returnTo%3Dhttp%3A%2F%2Flocalhost%3A3000
Is the V2 endpoint incorrectly redirecting us? How do I resolve this? Ultimately I want users to need to log in to Auth0 again when they click logout. If that’s an incorrect way to think about this… what is better?
Thanks!
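
The browser URL quoted in the post carries a returnTo value that is itself a /v2/logout URL. As an added example (not part of the original post and not Auth0 SDK code), this Node.js check decodes returnTo, counts how many times it points back at /v2/logout, and compares it with an allow list; the function name, the allow list contents and the exact-match comparison are assumptions.

```javascript
// Added diagnostic example. inspectLogoutUrl and ALLOWED_LOGOUT_URLS are
// hypothetical names; tenant and client_id are the placeholders from the post.
const ALLOWED_LOGOUT_URLS = ["http://localhost:3000"]; // assumed allow list

// The two URLs quoted in the post (the second one joined back onto one line).
const EXPECTED =
  "https://dev-FAKE.us.auth0.com/v2/logout?client_id=OURS_HERE&returnTo=http://localhost:3000";
const OBSERVED =
  "https://dev-FAKE.us.auth0.com/v2/logout?client_id=OURS_HERE&returnTo=" +
  "https%3A%2F%2Fdev-FAKE.us.auth0.com%2Fv2%2Flogout%3Fclient_id%3DOURS_HERE" +
  "%26returnTo%3Dhttp%3A%2F%2Flocalhost%3A3000";

function inspectLogoutUrl(raw, allowed = ALLOWED_LOGOUT_URLS) {
  let current = new URL(raw);
  let first = null;       // returnTo exactly as the logout endpoint receives it
  let finalTarget = null; // innermost returnTo after unwrapping
  let nesting = 0;        // how many times returnTo pointed back at /v2/logout

  // Cap the depth so a self-referencing value cannot loop forever.
  for (let i = 0; i < 5; i++) {
    const returnTo = current.searchParams.get("returnTo"); // percent-decoded
    if (returnTo === null) break;
    if (first === null) first = returnTo;
    finalTarget = returnTo;

    let next;
    try { next = new URL(returnTo); } catch { break; } // relative or malformed
    if (next.pathname !== "/v2/logout") break;          // an application URL
    nesting++;
    current = next;
  }

  return {
    returnTo: first,
    nesting,
    finalTarget,
    // Exact string match is an assumption made for this example.
    allowed: first !== null && allowed.includes(first),
  };
}

console.log("expected:", inspectLogoutUrl(EXPECTED));
console.log("observed:", inspectLogoutUrl(OBSERVED));
```

A nesting value above 0 means the logout URL was built from a returnTo that was already a complete logout URL, so the value sent to the endpoint is not the application URL in the allow list.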