Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Regression in Auth0 logout #43

Closed
1 task done
Badisi opened this issue Mar 1, 2024 · 3 comments
Closed
1 task done

[BUG] Regression in Auth0 logout #43

Badisi opened this issue Mar 1, 2024 · 3 comments
Assignees
@Badisi
Labels
bug Something isn't working

Comments

@Badisi
Copy link
Owner

Badisi commented Mar 1, 2024
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues

Library version

latest

Description

The following patch is taking care of adding an end_session_endpoint for Auth0 so that logout can work:

auth-js/projects/auth-js/oidc/oidc-auth-manager.ts

Lines 472 to 490 in e81f20a

/**
* Auth0 does not conform to OIDC's logout session and as such does not provide an `end_session_endpoint`.
* This patch make sure the `end_session_endpoint` is set in that case.
* @see https://github.com/damienbod/angular-auth-oidc-client/issues/1197
* @see https://auth0.com/docs/api/authentication#logout
*/
private patchAuth0Logout(): void {
if (this.settings.authorityUrl.endsWith('auth0.com')) {
const { authorityUrl, clientId, desktopNavigationType } = this.settings;
const returnTo = (desktopNavigationType === DesktopNavigation.POPUP) ?
this.settings.internal?.popup_post_logout_redirect_uri :
this.settings.internal?.post_logout_redirect_uri;
this.settings.internal = merge({}, {
metadataSeed: {
end_session_endpoint: `${authorityUrl}/v2/logout?client_id=${clientId}&returnTo=${returnTo}`
}
}, this.settings.internal);
}
}

The following PR in oidc-client-ts introduced the add of client_id to logout requests:
authts/oidc-client-ts#1038

Results is a duplicate of client_id in the url and a crash of Auth0 "Oops something went wrong".

So client_id can be safely removed from the patch.
@Badisi Badisi added bug Something isn't working needs triage and removed needs triage labels Mar 1, 2024
@Badisi Badisi self-assigned this Mar 1, 2024
@Badisi Badisi closed this as completed in e5649a6 Mar 1, 2024
@Badisi
Copy link
Owner Author

Badisi commented Mar 1, 2024

Actually the whole patch can be removed as Auth0 now provides a support for end session.

https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0

For Auth0 tenants created on or after 14 November 2023, RP-Initiated Logout End Session Endpoint Discovery is enabled by default.

You can enable RP-Initiated Logout End Session Endpoint Discovery in the Auth0 Dashboard or with the Auth0 Management API.

Badisi added a commit that referenced this issue Mar 1, 2024
@Badisi
fix(#43): regression in Auth0 logout
d41091a 
Fixes #43
@Badisi
Copy link
Owner Author

Badisi commented Mar 7, 2024

🎉 Released in @badisi/[email protected] 📦🚀

@Badisi
Copy link
Owner Author

Badisi commented Mar 7, 2024

🎉 Released in @badisi/[email protected] 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Badisi Badisi

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Badisi