Hi Alex,
Just letting you know how we do logout which may help in your case.
https://${context.request.hostname}/v2/logout?client_id=${context.clientID}&returnTo=https:///AuthzFail.htm
Instead hardcoding the Auth0 domain name in logout url we are reading from context object so we are sure that we don’t send to a different Auth0 Tenant/Instance (we have sandbox and prod in our org). And passing the client_id parameter with returnTo URL, beacuse the returnTo needs to be whitelisted logout url at client level. I think if we add the returnTo url at tenant level logout whitelisting we can avoid client_id parameter.
Cheers,
Karthick.