
User Logout Endpoint


#1

I’m looking at the docs for logging a user out of Auth0. Where in the request is the user specified? I always get a 200 status code with an OK body, but how does Auth0 know which user to log out?


#2

@bugged this endpoint relies on the Auth0 session cookie to log a user out. To use this endpoint you must redirect a user to that endpoint (front channel logout). When the user is redirected to that endpoint the browser will automatically send the SSO cookie. Then Auth0 will find the user and destroy their session. If you provide a returnTo parameter with the URL then Auth0 will redirect the user back to that URL (if whitelisted in your management dashboard) after destroying the session on Auth0’s side.


#3

I have an ASP.NET Web API (OWIN). It used to be an MVC application, and there are still account controller actions (e.g. Login, Logout, etc) whose logic the (now separated) client depends on. I’ve mapped these endpoints to Auth0 on the backend and things are working OK except for Logout.

Based on your suggestion above, I’ve implemented the Logout action to return a RedirectResult using the Auth0 logout URL.

public IHttpActionResult Logout()
{
    ... // other server-side logout logic

    // ApiController.Redirect(Uri) returns a RedirectResult (302) to the Auth0 logout URL
    return Redirect(new Uri("https://dummy.auth0.com/v2/logout"));
}

However, I get the following error from the browser when calling my Logout action.

Failed to load https://dummy.auth0.com/v2/logout: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

I understand it’s a CORS issue, and I’ve added https://*.dummy.com to the Allowed Origins (CORS) application setting in the dashboard, but I’m still getting the error.

Is there anything I’m missing?


#4

@bugged this is an odd response for logout. CORS issues happen during an XHR instead of a typical GET to your logout endpoint. Are you invoking the logout as an XHR?
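
The front-channel pattern discussed in this thread, as an added example that is not part of any post: the client calls its own API by XHR for the server-side logout logic, then sends the browser to the Auth0 logout URL as a top-level navigation so the session cookie travels with it and no CORS check applies. The `/api/account/logout` path, the `ALLOWED_RETURN_TO` list and the assumption that the API action answers 200 instead of redirecting are hypothetical.

```javascript
// Added example. TENANT is the host used in the thread; everything else is assumed.
const TENANT = "dummy.auth0.com";
// Constructed sample; should mirror the logout URLs allowed in the dashboard.
const ALLOWED_RETURN_TO = ["https://app.dummy.com/"];

// Build the front-channel logout URL. returnTo is checked locally so a
// caller-supplied value cannot turn logout into an open redirect.
function buildLogoutUrl(returnTo) {
  const url = new URL(`https://${TENANT}/v2/logout`);
  if (returnTo !== undefined) {
    if (!ALLOWED_RETURN_TO.includes(returnTo)) {
      throw new Error(`returnTo not in allow list: ${returnTo}`);
    }
    url.searchParams.set("returnTo", returnTo);
  }
  return url.toString();
}

// Step 1: XHR to our own API (hypothetical path) for server-side logout logic.
// Step 2: top-level navigation to Auth0. A navigation is not subject to CORS,
//         and the browser attaches the Auth0 session cookie automatically.
async function logout({
  returnTo,
  fetchFn = fetch,                               // injectable for testing
  navigate = (u) => window.location.assign(u),   // injectable for testing
} = {}) {
  const target = buildLogoutUrl(returnTo);       // validate before any side effect
  const res = await fetchFn("/api/account/logout", {
    method: "POST",
    credentials: "include",
    redirect: "error", // surface a stray 302 instead of following it cross-origin
  });
  if (!res.ok) throw new Error(`API logout failed: ${res.status}`);
  navigate(target);
  return target;
}
```
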