[SDK-3887] Always honor auth0Logout config #1104

Merged
merged 3 commits into from
Mar 13, 2023

adamjmcgrath
Contributor

See auth0/express-openid-connect#447

Description

The OIDC RP Initiated Logout endpoint is incompatible with Auth0's proprietary logout. Make sure this SDK does not use it if auth0Logout is configured and an end_session_endpoint is discovered in the OIDC Discovery document.

Testing

If auth0Logout is true -> use v2/logout regardless of discovery
If auth0Logout is false -> use discovered endpoint or nothing
If auth0Logout is not set -> use v2/logout regardless of discovery (this is different from express as this is an auth0 SDK)

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not the default branch

@adamjmcgrath adamjmcgrath added the review:medium Medium review label Mar 10, 2023
@adamjmcgrath adamjmcgrath requested a review from a team as a code owner March 10, 2023 12:24
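
The three cases in the Testing list above, as an added example that is not code from this PR or from nextjs-auth0. The function name, config field names, query parameters sent to `v2/logout`, and the sample issuer are assumptions made for illustration:

```javascript
// Added example: not code from nextjs-auth0. All names here are hypothetical.

// Pick the logout URL for the three auth0Logout cases in the Testing list.
// `metadata` is the parsed OIDC discovery document.
function resolveLogoutUrl(config, metadata, { idToken, returnTo }) {
  // Unset behaves like true, as the PR describes for this SDK.
  const useAuth0Logout = config.auth0Logout !== false;

  if (useAuth0Logout) {
    // Auth0's own endpoint, appended to the issuer regardless of discovery.
    // Assumption: it takes returnTo and client_id.
    const base = config.issuerBaseURL.replace(/\/+$/, '');
    const url = new URL(base + '/v2/logout');
    url.searchParams.set('returnTo', returnTo);
    url.searchParams.set('client_id', config.clientID);
    return url.toString();
  }

  if (metadata && metadata.end_session_endpoint) {
    // OIDC RP-Initiated Logout uses different parameter names.
    const url = new URL(metadata.end_session_endpoint);
    url.searchParams.set('post_logout_redirect_uri', returnTo);
    if (idToken) url.searchParams.set('id_token_hint', idToken);
    return url.toString();
  }

  // auth0Logout is false and no endpoint was discovered: nothing to redirect to.
  return null;
}

// Constructed sample: an issuer that is not an Auth0 tenant.
const sampleConfig = {
  issuerBaseURL: 'https://idp.example.invalid/oauth2/default',
  clientID: 'constructed-client-id',
};
const sampleMetadata = {
  end_session_endpoint: 'https://idp.example.invalid/oauth2/default/v1/logout',
};
const sampleSession = { idToken: 'constructed.id.token', returnTo: 'http://localhost:3000' };

for (const auth0Logout of [true, false, undefined]) {
  const url = resolveLogoutUrl({ ...sampleConfig, auth0Logout }, sampleMetadata, sampleSession);
  console.log(String(auth0Logout), '->', url);
}
```

With the constructed non-Auth0 issuer, the `true` and unset cases both build a `/v2/logout` URL under the issuer path; only `false` reaches the discovered endpoint.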

@adamjmcgrath adamjmcgrath merged commit 765b835 into main Mar 13, 2023
@adamjmcgrath adamjmcgrath deleted the auth0-logout branch March 13, 2023 10:37
@adamjmcgrath adamjmcgrath mentioned this pull request Mar 13, 2023
@blakeplumb

blakeplumb commented Mar 15, 2023

@adamjmcgrath is there a way to set auth0Logout to false via an environment variable? We don't use the base config, and removing the default as false broke our logouts.

@adamjmcgrath
Contributor Author

Hi @blakeplumb - how did the auth0Logout default break your logout? Are you using this with a different identity provider than Auth0?

@KentDi801

@adamjmcgrath - I work with Blake. We are currently using @auth0/nextjs-auth0 because it gives us great support for doing OAuth2 auth in NextJS, but we are using Okta as our identity provider. When we go to log out, it passes oauth2/default/v2/logout?returnTo=http in the URL and we get a 404 error because our tenants do not support v2 for logout.

@adamjmcgrath
Contributor Author

Hi @KentDi801 - we should have an environment variable for auth0logout, so you can set it to false. Will add a PR for that shortly.

@adamjmcgrath
Contributor Author

@KentDi801 @blakeplumb the AUTH0_LOGOUT environment variable is available in https://github.com/auth0/nextjs-auth0/releases/tag/v2.3.0

@KentDi801

@adamjmcgrath thank you for the quick response on this.
