How to Enable the OIDC Logout URL in the Discovery URL

lihua.zhang · March 23, 2023, 8:10pm

Overview

This article explains how to enable the Open ID Connect (OIDC) logout URL to be available in the OIDC discovery endpoint.

curl -X GET https://acme.eu.auth0.com/.well-known/openid-configuration
{
  "issuer": "https://acme.eu.auth0.com/",
  "authorization_endpoint": "https://acme.eu.auth0.com/authorize",
  ...
  "end_session_endpoint": "https://acme.eu.auth0.com/oidc/logout"
}

Applies To

Open ID Connect (OIDC)
Logout URL

Cause

The Relying Party (RP)-initiated logout endpoint, also known as the OIDC Endpoint logout endpoint, is currently available for all Auth0 tenants. For Auth0 tenants created on or after 14 November 2023, RP-Initiated Logout End Session Endpoint Discovery is enabled by default.

Solution

Follow the video or steps below.

The OIDC Logout URL can be enabled in two ways:

Auth0 Dashboard
Management API

Auth0 Dashboard

Open the Auth0 Dashboard.
Navigate to Settings > Advanced.
Enable the toggle for RP-Initiated Logout End Session Endpoint Discovery.
Click Save.

rtaImage (29).jpeg1464×644 48.1 KB

Management API

By using the Update tenant settings Management API:
Set rp_logout_end_session_endpoint_discovery to true, E.g,

{
  "oidc_logout": {
    "rp_logout_end_session_endpoint_discovery": true
  }
}

Related References

Log Users Out of Auth0 with OIDC Endpoint

Topic		Replies	Views
OIDC Logout URL (end_session_endpoint) is Included in the Discovery URL by Default Knowledge Articles	1	500	January 25, 2024
Contact Auth0 Support to enable endpoint discovery Help tenant-management , support-center	6	609	December 21, 2023
Is OIDC logout url available by default in all IDP providers? Help apis , application	2	844	April 12, 2023
OpenID well-known configuration does not contain logout endpoint Help logout , configuration	3	6922	September 3, 2019
Missing end_session_endpoint in .well-known/openid-configuration Help configuration	2	5344	October 8, 2019