I have an issue with getting logout working in Angular SPA.
- I use angular auth0 SDK
- We use refresher tokens and cache location = localStorage, because Safari did not hold the login
- The ‘Allowed Logout URLs’ is equal to redirectTo parameter of logout function
Here is the code we are using, very straightforward
- Everything seems to be working, the page refreshes and the user is no longer logged in
- However, if I simply reload the page or do login with this.authService.loginWithRedirect(); the user is logged immediatelly back in
- On “logout”, neither cookie nor local storage is cleared at all
What am I doing wrong? Do I need to send the client_id and localOnly = false when I log out? I don’t believe it is described anywhere, but I will try that.
Ok, the addition of client_id and localOnly to logout did NOT help.
// eslint-disable-next-line @typescript-eslint/naming-convention
I will also try the last 2 tips from here: Check Login and Logout Issues
- Make sure that the logout redirect URL is different from the login callback URL.
- Make the logout redirect URL an anonymous page (not protected by login) so that redirects to the logout redirect URL do not immediately trigger a login, which may confuse users.
So, it seems the issue was that I had the onClick handler on an anchor element (a) with empty href attribute:
<a href="" ng-click="authService.logout(...)">Logout</a>
At least after changing this to a span element, the issues stopped. So, if anyone has similar issues, you can try this first.