Logout of Upstream Identity Provider

So I’m using the latest Android SDK for Auth0. Here’s my problem. I am overseeing development of an app that uses a service for analytics. The client we are building this for uses Okta for authentication and identity. So Okta is setup OIDC to our Auth0 account.

Everything works fine until we go to log out (using WebAuthProvider.logout()). Because on pushing the login button and calling the WebAuthProvider.login(), it instantly logs the user back on to whatever they were previously logged in as; they can’t login as a different user.

My understanding is that it’s closing the Auth0 session but the Okta session upstream is still open and somewhere in memory or in the cookie store there is something tracking that session. Because the only way I can sign in as a different user is to logout and then reboot the entire phone.

We don’t want Single Sign-On behavior, even though that seems to be what’s being caused by using Okta. We really just want authentication, every single time they logout or delete/re-install the app. I seem to be really limited in what I can do to customize the authentication behavior with the Android SDK.

How am I supposed to get Auth0 to kill the upstream session with Okta so that on logout the user can sign back in with another account if they choose?

WebAuthProvider.login(auth0)
        .withScheme("MY_SCHEME")
        .withAudience("https://analytics_service")
        .withScope("openid profile offline_access email")
        .withConnection("upstream-okta")
        .start

WebAuthProvider.logout(auth0)
            .withScheme("MY_SCHEME")
            .start

Hi Benjamin,

Welcome to the Auth0 community!

We don’t support federated logout in the Android SDK, but if you want users to be able to select which account they sign in with on login, try add .withParameters("prompt=login") to your .login()

https://auth0.com/docs/api/authentication?http#authorization-code-flow-with-pkce