Auth0 Home Blog Docs

Logout URL access denied - CORS error

#1

Hi,

Details:
I was reading the Auth0 docs regarding logging out a user. Currently, my Auth0 logout function logs out the user and redirects to a URL. Since I am building a single page application with Angular, I am trying to avoid redirecting by URL.

Error:
When calling the logout URL: https://my-domain.auth0.com/v2/logout, I get a CORS (‘Access-Control-Allow-Origin’) error saying the request has been blocked from origin http://localhost:4200. I have included the URLs in the Allowed Callback URLs and Allowed Origins (CORS). Though I still get the errors when calling the URL through JavaScript. Using Postman, I get the correct response but it does not logout the user from Auth0. However, if I go to the browser and type the logout URL: https://my-domain.auth0.com/v2/logout, I get the OK response and it correctly logs out the user from Auth0.

Is there a way to logout the user from Auth0 without redirecting?

Thank you.

#2

Hi!

I don’t think you need to call the endpoint yourself, you can see an example of logout here inside the AuthService.
In SPAs you just have to remove the data you see in the logout method and redirect as you want.

Hope it helps!

#3

In case of the ‘Seamless SSO’ that you have introduced I think it is necessary to call the logout endpoint manually. I also have the problem with CORS error when I call it from inside of my application, while the logout works fine when I just paste the URL to the browser bar and run it. Hope you can update the guides because after you introducted the the feature almost behind the scenes the guides are outdated and just removing the storage does not log out the user from Auth0 session so one cannot for example log in to different account. Waiting for the answer.

1 Like
#5

Without calling https://my-domain.auth0.com/v2/logout , next time system tries to login with current account, and it imposible to switch to another one.

#6

Do you have any solution to this? I am still getting CORS issue with logout.

#7

Hey! Did you find any solution to this problem? I still am facing the same issue.
Thanks.

#8

Hi!

Sorry for the long delay, lost the track of this thread :raised_back_of_hand:

My previous answer was wrong, you do have to redirect to logout the user properly (https://auth0.com/docs/logout/guides/logout-auth0), the way to do it using auth0.js is with this method: https://auth0.com/docs/libraries/auth0js/v9#logout

It’s stated in those docs but I’ll highlight that you have to register an Allowed Logout URL in the dashboard either in your specific Application or globally in the tenant settings.

If you want to avoid the redirect you could try calling the logout endpoint in an iframe (inside your app) but bear in mind that this would be a workaround and is not supported in the SDK.

Let me know if this is helpful and sorry again for the delay!

Thanks!

1 Like