Nextjs application - unable to SSO login as different user after logout

JWT.io
, ,
1

Hi,
I using GitHub - auth0-developer-hub/web-app_nextjs_typescript_hello-world to test logout for my setup.

I have an Auth0 Web Application with an Okta Workspace Enterprise connection.

Repro:
Open http://localhost:4040 in incognito window.
Auth0 Login page enter username userA@example.com
Click Continue and get redirected to Okta login page - username field is prepopulated with userA@example.com
Enter password, click Sign In.
Redirected to http://localhost:4040/profile, which displays correct userA profile data.
Click Logout (http://localhost:4040/api/auth/logout).
Redirected to home page and the “Log In” button is visible.
Click “Log In” and enter username userB@example.com
Click Continue and am redirected to http://localhost:4040/profile showing userA profile.

Unless I close and reopen the incognito window I do not get an Okta login page for userB@example.com

Here’s my config generated using the Auth0 CLI:

resource "auth0_connection" "example" {
  display_name         = "example"
  name                 = "example"
  realms               = ["example"]
  strategy             = "okta"
  options {
    client_id                              = var.myapp_client_id
    client_secret                          = var.myapp_client_secret
    domain                                 = "<my-okta-tenant>.okta.com"
    domain_aliases                         = ["example.com", "myco.com"]
    scopes                                 = ["email", "openid", "profile"]
    issuer                                 = "https://<my-okta-tenant>.okta.com"
    authorization_endpoint                 = "https://<my-okta-tenant>.okta.com/oauth2/v1/authorize"
    jwks_uri                               = "https://<my-okta-tenant>.okta.com/oauth2/v1/keys"
    token_endpoint                         = "https://<my-okta-tenant>.okta.com/oauth2/v1/token"
    userinfo_endpoint                      = "https://<my-okta-tenant>.okta.com/oauth2/v1/userinfo"
    connection_settings {
      pkce = "auto"
    }
  }
}

resource "auth0_client" "my_web_app" {
  allowed_logout_urls                   = ["http://localhost:4040"]
  allowed_origins                       = ["https://<my-auth0-tenant>.us.auth0.com", "http://localhost:4040"]
  app_type                              = "regular_web"
  callbacks                             = ["http://localhost:4040/callback"]
  grant_types                           = ["authorization_code", "refresh_token"]
  is_first_party                        = true
  name                                  = "My App"
  oidc_backchannel_logout_urls          = []
  oidc_conformant                       = true
  organization_require_behavior         = "post_login_prompt"
  organization_usage                    = "require"
  sso                                   = true
  sso_disabled                          = false
  web_origins                           = ["https://<my-auth0-tenant>.us.auth0.com", "http://localhost:4040"]
  jwt_configuration {
    alg                 = "RS256"
    lifetime_in_seconds = 36000
    scopes              = {}
    secret_encoded      = false
  }
  refresh_token {
    expiration_type              = "expiring"
    idle_token_lifetime          = 2592000
    infinite_idle_token_lifetime = false
    infinite_token_lifetime      = false
    leeway                       = 10
    rotation_type                = "rotating"
    token_lifetime               = 31557600
  }
}