auth0 / auth0-oidc-client-net

OIDC Client for .NET Desktop and Mobile applications
https://auth0.github.io/auth0-oidc-client-net/
Apache License 2.0

Clear login cache #5

Closed ghost closed 6 years ago

ghost commented 7 years ago

Hello, how do I clear the login cache for Auth0? This way I can use multiple Facebook/Google accounts for testing purposes.

Thanks!

jerriep commented 7 years ago

There is nothing out of the box that does this. Can you tell me which platform you are using? (WPF/WinForms/Android etc)

ghost commented 7 years ago

I am using Android and iOS. The previous Client SDKs were able to clear login cache by calling Auth0Client.Logout();

jerriep commented 7 years ago

Currently there is no built-in way to Lock the user out of the browser session. You will need to redirect the user to the Logout endpoint yourself. Please see the Logout documentation: https://auth0.com/docs/logout

I will add a feature request for adding Logout support.

gitizenme commented 6 years ago

What is the status of this issue?

jerriep commented 6 years ago

@gitizenme This is still not in place. I am working on V2 of this library but it still requires quite a bit of testing (especially on the Xamarin Forms side) but I am struggling to find users being able to test that for me.

The plan, for now, is to look into the possibility of adding this to V2. In the meantime the same advice as above applies, and you will need to redirect the user yourself in the browser to the Auth0 logout endpoint.

jerriep commented 6 years ago

@gitizenme Also, adding to the above comment, the move to V2 may actually at the same time make it a bit difficult. In order to get things to work properly with Xamarin Forms, I had to move over to using SFAuthenticationSession on the iOS side.

But there does not appear to be a way to delete the session cookies when using SFAuthenticationSession.

So, this may actually not be forthcoming soon.

gdavalos commented 6 years ago

Hi, I'm using the oidc client from a Winforms app, is there any way to do the logout in it?

For example, currently if I log in to my Google account in my app, next time I log in I can try logging in with another identity provider just fine, but I can't try logging in to a different Google account because my previous credentials are stored somewhere.

jerriep commented 6 years ago

Currently, there is no way to do this built into the library. I will investigate this in a future version, but I am unsure whether this will work on many of the other platforms (such as iOS and UWP) which use the platform auth libraries (SFAuthenticationSession and WebAuthenticationBroker).

takwaiw commented 6 years ago

I found a way to delete the cookies. I can log in as a different google user after the cookies are deleted. This is the key step:

https://social.msdn.microsoft.com/Forums/vstudio/en-US/860d1b66-23c2-4a64-875b-1cac869a5e5d/wpf-web-browser-cookie?forum=wpf

For google idp, get the cookies for https://accounts.google.com.

gdavalos commented 6 years ago

@takwaiw it seems that that only works for WPF-based apps, do you know of any solution for winforms apps?

takwaiw commented 6 years ago

I did a google search for deleting browser cookies from winform. Found this link that may be useful: https://stackoverflow.com/questions/912741/how-to-delete-cookies-from-windows-form

jerriep commented 6 years ago

@gitizenme @gdavalos @takwaiw

I have pushed v2.2.0 of the packages to NuGet. This adds a LogoutAsync method which will launch the browser to sign the user out and clear the Auth0 SSO cookie.

You will need to add the same URL you added to the Allowed Callback URLs of your Auth0 application also to the Allowed Logout URLs so Auth0 can redirect back to your mobile application.

Please note that, as pointed out above, this will launch the browser, same as when the user logs in. It will send the browser to the Auth0 Logout endpoint which will clear the Auth0 SSO cookie.

I suspect this user experience may not be desirable to some of you, but it is the only proper and reliable way to clear that cookie.

Edit: The only platform which will not visibly launch the browser is UWP, since it does allow for calling the WebAuthenticationBroker silently.

gdavalos commented 6 years ago

Thanks for the change @jerriep

Just something: trying it out, we noticed that it only deletes Auth0's SSO cookie right now; it doesn't delete the identity provider cookie. Looking at the logout endpoint docs, it seems that adding the federated query parameter should be enough to do that. Could you add that to the LogoutAsync method too?

jerriep commented 6 years ago

@gdavalos Yes, I can do that.

jerriep commented 6 years ago

@gdavalos I just pushed v2.3.0 to NuGet, which adds support for passing the federated flag.
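
The logout redirect discussed in this thread, as an added example (not part of the thread and not the library's own code): it builds the Auth0 Logout endpoint URL (`/v2/logout` with `client_id`, `returnTo` and the optional `federated` parameter) and refuses a `returnTo` that is not in a local copy of the application's Allowed Logout URLs. The class and method names are hypothetical, and the domain, client ID and callback URL are constructed placeholders.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical helper, not part of Auth0.OidcClient.
public static class Auth0LogoutUrl
{
    public static Uri Build(string domain, string clientId, string returnTo,
                            ISet<string> allowedLogoutUrls, bool federated)
    {
        // The tenant domain must be a bare host name, so nothing can be
        // smuggled into the path or query of the logout request.
        if (Uri.CheckHostName(domain) != UriHostNameType.Dns)
            throw new ArgumentException("Expected a host name.", nameof(domain));

        // Auth0 only redirects to URLs listed under Allowed Logout URLs.
        // Checking a local copy of that list (an assumption of this example)
        // fails early instead of stranding the user on an error page.
        if (!Uri.TryCreate(returnTo, UriKind.Absolute, out _) ||
            !allowedLogoutUrls.Contains(returnTo))
            throw new ArgumentException("returnTo is not an allowed logout URL.",
                                        nameof(returnTo));

        string query = "client_id=" + Uri.EscapeDataString(clientId) +
                       "&returnTo=" + Uri.EscapeDataString(returnTo);

        // Without "federated" only the Auth0 SSO cookie is cleared; with it,
        // Auth0 also attempts to end the identity provider session.
        if (federated)
            query += "&federated";

        return new UriBuilder("https", domain)
        {
            Path = "/v2/logout",
            Query = query
        }.Uri;
    }

    public static void Main()
    {
        // Constructed placeholder values.
        const string callback = "com.example.app://tenant.example.auth0.com/callback";
        var allowed = new HashSet<string>(StringComparer.Ordinal) { callback };

        Uri url = Build("tenant.example.auth0.com", "YOUR_CLIENT_ID",
                        callback, allowed, federated: true);
        Console.WriteLine(url.AbsoluteUri);
    }
}
```

The resulting URL has to be opened in the same browser or platform authentication session that performed the login, since that is where the cookies being cleared are stored.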

jsauve commented 5 years ago

@jerriep, can you please provide some context on HOW calling the logout endpoint only works via browser (i.e. ASWebAuthenticationSession on iOS)? As I understand it, ASWebAuthenticationSession (and SFWebAuthenticationSession) instantiate a secure browser that has no previous state or cookies. So, how exactly does the logout endpoint know which Auth0 user session that it's terminating? I looked at the PlatformWebView code for iOS and saw that only the clientId and redirectUri are being passed. So, how can the endpoint know which user is logging out?

I'd like to perform logout without popping a browser, and it seems to me that it would be possible by passing the user's id token to the logout endpoint. Is that not correct? I've looked for parameters on the logout endpoint that would permit this, but haven't found anything.

Can you please shed some light on this for me? Thanks.

jerriep commented 5 years ago

@jsauve I do not work for Auth0 anymore. I believe @damieng is now the person responsible for their .NET libraries.

damieng commented 5 years ago

I am responsible for the .net libraries now but am off-site for MVP summit this week. Will hopefully get a chance to look at this and other PRs next week.

On Tue, Mar 19, 2019, 6:06 PM Jerrie Pelser notifications@github.com wrote:

@jsauve https://github.com/jsauve I do not work for Auth0 anymore. I believe @damieng https://github.com/damieng is not the person responsible for their .NET libraries

jsauve commented 5 years ago

Awesome, thanks @damieng! Enjoy the summit. Also, thanks @jerriep.

ZenwalkerD commented 4 months ago

Hi,

I am facing this issue on Winforms, wherein I have tried using the federated argument as well as the redirectTo argument via extra parameters in the LogOutAsync method. I am on the latest version of the library.

No luck