auth0 / auth0-oidc-client-net

OIDC Client for .NET Desktop and Mobile applications
https://auth0.github.io/auth0-oidc-client-net/
Apache License 2.0

federated logout is not working on WinForms #237

Closed davidiwu closed 1 year ago

davidiwu commented 1 year ago

Describe the problem

Federated logout is not working when using Auth0.OidcClient.WinForms for the Google IdP (and Azure AD):

await client.LogoutAsync(federated: true);

After the above logout call, I am not logged out of Google; the next time I log in, I do not need to enter my Google account and I am logged in directly.

What was the expected behavior?

When I log out (federated), I hope to be logged out of the Google IdP as well, so the next time I log in I need to enter my Google account.

Reproduction

Using the demo app provided here: https://auth0.com/docs/quickstart/native/wpf-winforms

Keep the demo code unchanged, only change the logout to federated:

await client.LogoutAsync(federated: true);

Then add a Google IdP, use it to log in and then log out; you will notice the federated logout is not working.

Environment

- Version of this library used: "Auth0.OidcClient.WinForms" Version="3.2.7"

frederikprijck commented 1 year ago

Thanks for reaching out. Can you verify the federated querystring parameter is added to the logout request?

Have you configured your client id and client secret for google, as mentioned here https://auth0.com/docs/authenticate/login/logout/log-users-out-of-idps#limitations ?

davidiwu commented 1 year ago

> Thanks for reaching out. Can you verify the federated querystring parameter is added to the logout request?

I am not able to verify this on WinForms as all HTTP requests are not visible. Not like on a browser we have the devtool to see all the requests.

I used this statement: await client.LogoutAsync(federated: true); per the doc that this should add the 'federated' querystring to the logout url.

> Have you configured your client id and client secret for google, as mentioned here https://auth0.com/docs/authenticate/login/logout/log-users-out-of-idps#limitations ?

Yes, I have configured my client ID and client secret for Google in the Google Cloud console. I have also tried your Vue.js SPA SDK for this Google IdP, and the federated logout is working there.

frederikprijck commented 1 year ago

I don't see why our SDK would not add the federated query parameter when you set federated to true. We need to be sure the parameter isn't passed; if it is, it doesn't seem to be an issue with our SDK and we need to look for a resolution more on the Auth0 or Google side.

> not like on a browser we have the devtool to see all the requests.

There are tools available that allow you to monitor HTTP traffic on your PC, even for applications such as WinForms. You can try tools such as Wireshark, Fiddler, ...

Do the Auth0 logs give you any information regarding what's happening? Does it perhaps show the federated parameter for any of the logs regarding the logout call?
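
One way to check the outgoing logout URL from inside the application without intercepting HTTPS, as an added example that is not part of the original thread or of the SDK: a wrapper around the `IBrowser` that the client hands its URLs to. It assumes the `IBrowser`/`BrowserOptions` types from IdentityModel.OidcClient with the `InvokeAsync(BrowserOptions, CancellationToken)` signature, that the logout path ends in `/logout`, and that the wrapper is assigned to `Auth0ClientOptions.Browser`; `UrlLoggingBrowser` and `platformBrowser` are hypothetical names.

```csharp
using System;
using System.Diagnostics;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
using IdentityModel.OidcClient.Browser; // assumption: namespace used by the installed SDK version

// Diagnostic decorator: records each URL the client opens, then delegates
// to the real browser so login and logout behave exactly as before.
public sealed class UrlLoggingBrowser : IBrowser
{
    private readonly IBrowser _inner;

    public UrlLoggingBrowser(IBrowser inner) =>
        _inner = inner ?? throw new ArgumentNullException(nameof(inner));

    public Task<BrowserResult> InvokeAsync(BrowserOptions options,
        CancellationToken cancellationToken = default)
    {
        var uri = new Uri(options.StartUrl);

        // Log endpoint and parameter NAMES only; values may carry state,
        // nonce or token hints that should not end up in trace files.
        Trace.WriteLine($"[oidc] {uri.GetLeftPart(UriPartial.Path)} " +
                        $"params: {string.Join(",", ParameterNames(uri))}");

        // Assumption: the logout endpoint path ends with "/logout".
        if (uri.AbsolutePath.EndsWith("/logout", StringComparison.OrdinalIgnoreCase))
            Trace.WriteLine($"[oidc] federated present: {HasParameter(uri, "federated")}");

        return _inner.InvokeAsync(options, cancellationToken);
    }

    // Handles both "federated=..." and a bare, valueless "federated".
    public static string[] ParameterNames(Uri uri) =>
        uri.Query.TrimStart('?')
           .Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries)
           .Select(p => Uri.UnescapeDataString(p.Split('=')[0]))
           .ToArray();

    public static bool HasParameter(Uri uri, string name) =>
        ParameterNames(uri).Contains(name, StringComparer.Ordinal);
}

// Usage (platformBrowser is whichever IBrowser the app already uses):
//   options.Browser = new UrlLoggingBrowser(platformBrowser);
```

The output appears in the debugger's Output window or any configured trace listener when `LogoutAsync(federated: true)` runs.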

davidiwu commented 1 year ago

There are no logs from Auth0 during logout. And that is HTTPS traffic; I don't think we can monitor HTTPS traffic from Wireshark without some hacking.

It is very easy to reproduce this issue; perhaps you can give the demo a go. I think maybe this has something to do with the SDK closing the logout window prematurely.

frederikprijck commented 1 year ago

Hey,

I gave this a try using our example application, which you can find here.

After configuring my Google credentials in Auth0, I tried the following steps:

Without federated

With federated

It seems that federated works for me when trying with that sample application. Would you have any additional information we can use to try and reproduce this?

davidiwu commented 1 year ago

I tried your example, and the federated logout did work. I compared my code with the example, and the only difference I can find is: I am targeting my project to netcore <TargetFramework>netcoreapp3.1</TargetFramework> and your example is targeting netframework. So maybe that is the problem. Thanks for the reply. I can continue with my tests now.

ZenwalkerD commented 4 months ago

Dear All,

I am on .NET 8 and WinForms. I am using OIDC lib ver 4 and still having the same issue. The federated logout does not work. Yes, I am using the provided example application and changed the client ID and other configurations.