[SDK-3887] Always honor auth0Logout config #1104

Merged
merged 3 commits into from
Mar 13, 2023

adamjmcgrath
Contributor

See auth0/express-openid-connect#447

Description

The OIDC RP-Initiated Logout endpoint is incompatible with Auth0's proprietary logout. Make sure this SDK does not use it if auth0Logout is configured and an end_session_endpoint is discovered in the OIDC Discovery document.

Testing

  • If auth0Logout is true -> use v2/logout regardless of discovery
  • If auth0Logout is false -> use discovered endpoint or nothing
  • If auth0Logout is not set -> use v2/logout regardless of discovery (this is different from express as this is an auth0 SDK)

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@adamjmcgrath adamjmcgrath added the review:medium Medium review label Mar 10, 2023
@adamjmcgrath adamjmcgrath requested a review from a team as a code owner March 10, 2023 12:24
@adamjmcgrath adamjmcgrath merged commit 765b835 into main Mar 13, 2023
@adamjmcgrath adamjmcgrath deleted the auth0-logout branch March 13, 2023 10:37
@adamjmcgrath adamjmcgrath mentioned this pull request Mar 13, 2023
@blakeplumb

blakeplumb commented Mar 15, 2023

@adamjmcgrath is there a way to set auth0Logout to false via an environment variable? We don't use the base config, and removing the default as false broke our logouts.

@adamjmcgrath
Contributor Author

Hi @blakeplumb - how did auth0Logout default break your logout, are you using this with a different identity provider than auth0?

@KentDi801

@adamjmcgrath - I work with Blake. We are currently using @auth0/nextjs-auth0 because it gives us great support for doing OAuth2 auth in NextJS, but we are using Okta as our identity provider. When we go to log out, it passes oauth2/default/v2/logout?returnTo=http in the URL and we get a 404 error because our tenants do not support v2 for logout.

@adamjmcgrath
Contributor Author

Hi @KentDi801 - we should have an environment variable for auth0logout, so you can set it to false. Will add a PR for that shortly.

@adamjmcgrath
Contributor Author

@KentDi801 @blakeplumb the AUTH0_LOGOUT environment variable is available in https://github.com/auth0/nextjs-auth0/releases/tag/v2.3.0

@KentDi801

@adamjmcgrath thank you for the quick response on this.
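
The three cases from the PR's Testing section, and the Okta 404 reported in the thread, as an added JavaScript example that is not code from nextjs-auth0. The function name `resolveLogoutUrl`, every option name other than `auth0Logout` and `end_session_endpoint`, the `null` return for "nothing", and the `idp.example.com` values are assumptions made for illustration.

```javascript
// Added example: hypothetical helper, not the SDK's own code.
// Chooses the IdP logout URL following the PR's three Testing cases.
function resolveLogoutUrl({ issuerBaseURL, clientID, returnTo, idToken,
                            auth0Logout, discovered = {} }) {
  // Unset is treated like true: only an explicit false opts out of v2/logout.
  const useAuth0 = auth0Logout !== false;
  // A trailing slash keeps any issuer path (e.g. /oauth2/default) when resolving.
  const issuer = issuerBaseURL.endsWith('/') ? issuerBaseURL : issuerBaseURL + '/';

  if (useAuth0) {
    // Auth0's proprietary endpoint, used even if discovery offers another one.
    const url = new URL('v2/logout', issuer);
    url.searchParams.set('returnTo', returnTo);
    url.searchParams.set('client_id', clientID);
    return url.toString();
  }

  if (discovered.end_session_endpoint) {
    // OIDC RP-Initiated Logout: different endpoint and parameter names.
    const url = new URL(discovered.end_session_endpoint);
    url.searchParams.set('post_logout_redirect_uri', returnTo);
    if (idToken) url.searchParams.set('id_token_hint', idToken);
    return url.toString();
  }

  // auth0Logout is false and nothing was discovered: no IdP logout URL.
  // (Assumption: the caller then only clears the local session.)
  return null;
}

// Constructed sample: a non-Auth0 issuer with a path, as in the thread's report.
const sample = {
  issuerBaseURL: 'https://idp.example.com/oauth2/default',
  clientID: 'constructed-client-id',
  returnTo: 'http://localhost:3000',
  idToken: 'constructed.id.token',
  discovered: {
    end_session_endpoint: 'https://idp.example.com/oauth2/default/v1/logout',
  },
};

// Unset: the v2/logout path that returned 404 for the non-Auth0 tenant.
console.log(resolveLogoutUrl(sample));
// Explicit false: the discovered end_session_endpoint is used instead.
console.log(resolveLogoutUrl({ ...sample, auth0Logout: false }));
```
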
