Problem with logout - returnUri same as redirectUri

pb2023 · January 17, 2024, 7:00am

After I implemented callback.php “correctly”, my login process and authentication process are working properly.

But I have problem with my logout process.

I set up my Allowed Callback URLs to ‘https:/mydomain.com/callback.php’ and redirectUri to ‘https://’ . $_SERVER[‘HTTP_HOST’] . ‘/callback.php’, but when I want to logout then there is used the same returnUri (…logout?returnTo=…callback) as redirectUri and it wrotes me error:

There could be a misconfiguration in the system or a service outage. We track these errors automatically, but if the problem persists feel free to contact us.

My Allowed Logout URLs is https:/mydomain.com

Can you please advise me?

pb2023 · January 17, 2024, 3:57pm

So I find one way, but I do not know if it is the best one? I just add to my logout.php especially to logout() function my domain, which is the same like Alliwed Logout URL. Before it was empty.

header(sprintf(‘Location: %s’, $sdk->logout(‘https://mydomain.com’)));

This is logout.php

<?php

declare(strict_types=1);

// Required stuff
require_once $_SERVER['DOCUMENT_ROOT'] . '/../private/config.php';

/**
* Clear application session and redirect to the Auth0 logout endpoint.
*
* The user will be redirected to your index route afterward.
*/

header(sprintf('Location: %s', $sdk->logout('https://mydomain.com')));

marcelina.barycka · January 18, 2024, 9:55am

Hi @pb2023 , thank you for sharing!

Looks good to me!

Maybe one suggestion - you can set the logout URL as a route constant:

use Steampixel\Route;
define('ROUTE_URL_LOGOUT', ROUTE_URL_INDEX . '/logout');

and then use the value under ROUTE_URL_INDEX to call the Auth0 logout endpoint:

Route::add('/logout', function() use ($auth0) {
    // Clear the user's local session with our app, then redirect them to the Auth0 logout endpoint to clear their Auth0 session.
    header("Location: " . $auth0->logout(ROUTE_URL_INDEX));
    exit;

To check if this is working correctly, you could inspect the network request when a user is logging out to see if the /logout request has the returnTo parameter set to a desired value.

Is this working for you?

pb2023 · January 18, 2024, 1:30pm

Thank you for reply, but I have also problem with router.php. It is not working for me. I used code form quickstart but it does nothing. I already created separated thread for this issue but I did not get any response.

<?php

  declare(strict_types=1);

  use Steampixel\Route;

  Route::add('/', function() use ($sdk) {
    require('profile.php');
  });

  Route::add('/login', function() use ($sdk) {
    require('login.php');
  });

  Route::add('/callback', function() use ($sdk) {
    require('callback.php');
  });

  Route::add('/logout', function() use ($sdk) {
    require('logout.php');
  });

  Route::run('/');