Logout after Resource Owner Password login

The resource owner password credentials grant is stateless from the perspective of the identity provider/authorization server (in this case your Auth0 domain). This means that there’s no authentication session established as part of the flow so the /v2/logout endpoint is not applicable to this particular case.

In the case of this grant the only thing you need to clean from your side is the actual token. In particular, if your web application establishes an authentication session based on the outcome of the grant and stores the issued access token, then performing a logout from your application will only imply removing those stored tokens and terminating the session.

From your description of the issue I also get the impression that there is a clear distinction between back-end (API) and front-end, so this grant might not even be the most suitable for your scenario. However, in the cases where the grant is applicable the previous holds; there is no session to remove at the identity provider so you only need to clean your own. If you're looking for revocation of access tokens then that is a somewhat different subject because it is applicable to all grants and may not be related to sessions at all; as an additional note, at this time there is no built-in support for revocation of access tokens.

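The logout described in the reply above, as an added example that is not part of the original post or of Auth0's own code: the application exchanges the user's credentials through the ROPC grant, keeps the returned tokens in its own server-side session, and "logs out" by discarding that session. No call to /v2/logout is made because there is no identity-provider session to end. The example also shows the caveat the reply ends on: the access token the application just dropped keeps its original expiry, so it stays acceptable to the API until then. The tenant name, the in-memory session store, the token response and the unsigned JWT-shaped token are all constructed for the example; the request builder only produces the POST body for Auth0's /oauth/token endpoint with grant_type=password and never sends it.

```python
"""
Added example (not from the original post): logging out after a resource
owner password credentials (ROPC) login.

The ROPC exchange is a POST to https://{domain}/oauth/token with
grant_type=password; it is built here but not sent. The tenant name,
session store, token response and JWT below are constructed for the demo.
"""
import base64
import json
import secrets
import time
from urllib.parse import urlencode

AUTH0_DOMAIN = "example.auth0.com"  # assumption: placeholder tenant name


def build_ropc_token_request(username, password, client_id, audience, scope="openid"):
    """Return (url, form-encoded body) for the ROPC grant. Nothing is sent."""
    body = urlencode({
        "grant_type": "password",
        "username": username,
        "password": password,
        "client_id": client_id,
        "audience": audience,
        "scope": scope,
    })
    return f"https://{AUTH0_DOMAIN}/oauth/token", body


class SessionStore:
    """In-memory server-side session store keyed by an opaque cookie value."""

    def __init__(self):
        self._sessions = {}

    def login(self, token_response):
        # Fresh, unguessable session id; tokens stay server-side, never in the cookie.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "access_token": token_response["access_token"],
            "refresh_token": token_response.get("refresh_token"),
            "expires_at": time.time() + token_response["expires_in"],
        }
        return sid

    def access_token_for(self, sid):
        entry = self._sessions.get(sid)
        return entry["access_token"] if entry else None

    def logout(self, sid):
        """The whole logout for ROPC: drop our copy of the tokens and the
        session. There is no IdP session, so /v2/logout is not involved."""
        return self._sessions.pop(sid, None) is not None


def jwt_exp(token):
    """Read 'exp' from a JWT payload. No signature check: this only
    illustrates token lifetime and must never be used to authorize."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(payload))["exp"]


def _constructed_jwt(exp):
    """Build an unsigned, JWT-shaped token (constructed for the demo only)."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = seg({"alg": "none", "typ": "JWT"})
    claims = seg({"sub": "auth0|demo", "exp": exp})
    return f"{header}.{claims}."


def demo(now=None):
    """Login, logout, then check what logout did and did not achieve."""
    now = time.time() if now is None else now
    exp = int(now) + 3600
    # Constructed stand-in for the /oauth/token response.
    token_response = {
        "access_token": _constructed_jwt(exp),
        "token_type": "Bearer",
        "expires_in": 3600,
    }
    store = SessionStore()
    sid = store.login(token_response)
    token = store.access_token_for(sid)
    logged_out = store.logout(sid)
    return {
        "logged_out": logged_out,
        "session_gone": store.access_token_for(sid) is None,
        # Without revocation the API will still accept this token until exp.
        "token_valid_until_exp": jwt_exp(token) > now,
    }
```

Because the access token cannot be revoked, `demo()` reports both `session_gone` and `token_valid_until_exp` as true: logout protects the browser session, not the token itself, which is why short `expires_in` values matter for this grant.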