OIDC Logout URL (end_session_endpoint) is Included in the Discovery URL by Default

Problem statement

The OIDC Logout URL (end_session_endpoint) is included in the discovery URL by default. This article explains whether it can be disabled.

Cause

OIDC Logout URL (end_session_endpoint) is included in the discovery URL by default for recently created tenants.

For example, it is enabled by default for tenants created in November 2023, whereas it is not enabled for tenants created in May 2023 (please reach out to Auth0 Support to have it enabled).

Solution

It is recommended to use the newer /oidc/logout endpoint whenever possible. Please consider disabling the Logout confirmation prompt: in Tenant settings > Advanced, disable the “Show RP-Initiated Logout Prompt” toggle.

Please see: Use the OIDC Endpoint to Log Users Out of Auth0.

It cannot be disabled; however, it’s possible to control the behavior of the end_session_endpoint via the Management API.

Update tenant settings - PATCH /api/v2/tenants/settings
https://auth0.com/docs/api/management/v2/tenants/patch-settings

{
  "oidc_logout": {
    "rp_logout_end_session_endpoint_discovery": false
  }
}
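
The following is an added example, not Auth0's own code. It builds the PATCH request described above and checks a discovery document to confirm whether end_session_endpoint is still advertised after the change. The domain tenant.example.com, the token placeholder, the function names and the sample documents are assumptions constructed for illustration.

```python
import json
import urllib.request

# Request body from the article: stop advertising end_session_endpoint in discovery.
PATCH_BODY = {"oidc_logout": {"rp_logout_end_session_endpoint_discovery": False}}


def build_patch_request(domain: str, mgmt_token: str) -> urllib.request.Request:
    """Build (but do not send) PATCH /api/v2/tenants/settings for the tenant."""
    return urllib.request.Request(
        url=f"https://{domain}/api/v2/tenants/settings",
        data=json.dumps(PATCH_BODY).encode("utf-8"),
        method="PATCH",
        headers={
            "Authorization": f"Bearer {mgmt_token}",  # Management API access token
            "Content-Type": "application/json",
        },
    )


def fetch_discovery(domain: str) -> dict:
    """Download the tenant's OIDC discovery document (needs network access)."""
    url = f"https://{domain}/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def logout_discovery_state(discovery: dict) -> str:
    """Classify a discovery document by whether it advertises the logout URL."""
    endpoint = discovery.get("end_session_endpoint")
    if not endpoint:
        return "not-advertised"
    return f"advertised:{endpoint}"


if __name__ == "__main__":
    # Constructed sample documents; tenant.example.com is a placeholder domain.
    before = {"issuer": "https://tenant.example.com/",
              "end_session_endpoint": "https://tenant.example.com/oidc/logout"}
    after = {"issuer": "https://tenant.example.com/"}
    print(logout_discovery_state(before))
    print(logout_discovery_state(after))
    req = build_patch_request("tenant.example.com", "MGMT_API_TOKEN_PLACEHOLDER")
    print(req.get_method(), req.full_url, req.data.decode())
```

To apply and verify against a real tenant, send the request with urllib.request.urlopen(req) and then pass the result of fetch_discovery(domain) to logout_discovery_state.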