When the user logout, and then login, is does not prompt the login screen. The user is automatically logged in without having to authenticate again.
I am following exactly the instructions of this guide: Auth0 Angular SDK Quickstarts: Login
Here is the logout method I am calling:
public logout(): void {
// Remove tokens and expiry time
this._accessToken = '';
this._idToken = '';
this._expiresAt = 0;
// Remove isLoggedIn flag from localStorage
localStorage.removeItem('isLoggedIn');
// Go back to the home route
this.router.navigate(['/']);
}
What could be wrong?
I am attaching a HAR file that recorded the login, logout and login (without the authorization screen) issue.
PS: The logout works in making the user lose its authentication. But it seems to not delete the cookie / token and re-authenticates the user on login without asking for credentials again.
public logout(): void {
// Remove tokens and expiry time
this._accessToken = '';
this._idToken = '';
this._expiresAt = 0;
// Remove isLoggedIn flag from localStorage
localStorage.removeItem('isLoggedIn');
// Go back to the home route
this.router.navigate(['/']);
this.auth0.logout({
returnTo: 'http://localhost:4200',
client_id: 'MY_CLIENT_ID'
The above is the correct solution: calling the logout method, which logs the user out of the authorization server and ends their Auth0 session. We will work on getting the applicable Quick Start instructions updated to make sure they include this!