Hi there, I am using Heroku and Node and have deployed mostly successfully. The logout has me really stumped. According to docs I should be passing a url like,
https://xxxxauth0tennantxxxx/v2/logout or https://YOUR_DOMAIN/v2/logout?returnTo=http%3A%2F%2Fwww.example.com
When I do, I get OK (it works) back. But I am using the below code from the Auth0 docs which builds the url including the port number.
router.get('/logout', (req, res) => {
req.logOut();
let returnTo = req.protocol + '://' + req.hostname;
const port = req.connection.localPort;
if (port !== undefined && port !== 80 && port !== 443) {
returnTo += ':' + port;
}
const logoutURL = new url.URL(
util.format('https://%s/v2/logout', process.env.AUTH0_DOMAIN),
);
const searchString = querystring.stringify({
client_id: process.env.AUTH0_CLIENT_ID,
returnTo: returnTo,
});
logoutURL.search = searchString;
res.redirect(logoutURL);
});
Heroku automatically assigns a port however so therefore everytime I try to logout I am met with an error of The "returnTo" querystring parameter "http://xxxxx.herokuapp.com:12345" is not defined as a valid URL in "Allowed Logout URLs".
I have tried to add every variant allowed logout url I can try but with no luck http://localhost:8000,http://*.herokuapp.com,https://*.auth0.com/v2/logout,https://*.auth0.com/,https://xxxxxxx.auth0.com I even tried setting app.set('trust proxy', 1); as some docs suggest for Heroku.
Please, how can I account for the dynamic port heroku assigns in my logout url?
Edit: I have tried this variant of the endpoint too
And I have tried to edit the endpoint call as
router.get('/logout', (req, res) => {
let returnTo = req.protocol + '://' + req.hostname;
const port = req.connection.localPort;
if (port !== undefined && port !== 80 && port !== 443) {
returnTo = process.env.NODE_ENV === 'production' ? `${returnTo}/` : `${returnTo}:${port}/`;
}
req.logout();
if (req.session) {
req.session.destroy(function(err) {
if (err) {
console.log(err);
}
console.log('Destroyed the user session on Auth0 endpoint');
res.redirect(req.protocol + '://' + process.env.AUTH0_DOMAIN + '/v2/logout?client_id=' + process.env.AUTH0_CLIENT_ID + '&returnTo=' + returnTo +' ');
});
}
});
I thought a wildcard before port would work but nope. http://*.herokuapp.com* in Allowed Logout URLs.
I am using a basic google login only, which Token Endpoint Authentication Method should I select for a regular web app?
I have tried to set the Allowed Logout urls to http://localhost*, http://*.herokuapp.com, https://*.auth0.com/v2/logout, https://*.auth0.com/, https://xxxxxxx.auth0*, http://xxxxxxx.herokuapp.com/*, https://xxxxxx.auth0.com/v2/logout* hoping that one would work but I keep getting the error described above.
It looks like Heroku keeps changing the port so I don’t know how to get the logout url. Please, any assistance would be much appreciated, last little step to get live! (I did fix the space being generated in the second eg). Oh and one other thing, should I be using SPA or web application? I have frontend which user can log in to to view content as well as a backend doing some tasks regularly. I have also tried enabling the SAML2 addon but n joy. Thanks in advance!