Log out completely from Auth0 - Githubissues

nuxt / example-auth0

A simple example that shows how to use Nuxt.js with Auth0.

https://auth0.nuxtjs.org

MIT License

722 stars 159 forks source link

Log out completely from Auth0 #82

Open linh-ebisolvn opened 3 years ago

linh-ebisolvn commented 3 years ago

What problem does this feature solve?

After clicking log out (use $auth.logout() ) under the hood, it only clears the storage token, etc.. on the browser but not the session from auth0 server therefore it still remains logged in

What does the proposed changes look like?

Log out completely from Auth0 server

_{This feature request is available on Nuxt community (#c52)}

kleoken commented 3 years ago

Also having this issue

kleoken commented 3 years ago

@linh-ebisolvn For me the issue was that since I upgraded from the auth 4.x.x to auth 5.x.x they use different npm modules. So in my nuxt.config.js I still had @nuxt/auth in my modules sections instead of @nuxt/auth-next. I replaced the old module with the new one and updated my variables to the ones shown in the latest docs and it worked perfectly.

linh-ebisolvn commented 3 years ago

@kleoken I only have @nuxt/auth-next module but the problem still persists, so painful

kleoken commented 3 years ago

Post your nuxt config perhaps? Here is mine:

@nuxt/auth : 5.0.0-1612791489.a5d8c28

auth: {
    strategies: {
      local: false,
      auth0: {
        domain: 'process.env.AUTH0_DOMAIN',
        clientId: 'process.env.AUTH0_CLIENTID,
        audience: 'process.env.AUTH0_AUDIENCE',
        scope: ['openid', 'profile', 'email', 'offline_access'],
        responseType: 'code',
        grantType: 'authorization_code',
        codeChallengeMethod: 'S256',
        logoutRedirectUri: process.env.BASE_URL + '/login',
      }
    },
    redirect: {
      login: "/login", // User not logged in but needs to be
      logout: "/logout", // User logs out on and page is protected
      home: "/dashboard", // User gets redirected here after the callback page
      callback: "/loading" // User gets redirected here immediately after login
    }
  },

If it's only on logout you should be able to open the network tab and see your app hitting the auth0 logout endpoint. Also you should be able to see on Auth0 in the Logs section or the User History.

kleoken commented 3 years ago

When calling logout you just need this await this.$auth.logout() btw, you don't need to do ...logout("auth0")

linh-ebisolvn commented 3 years ago

Well tks for your help @kleoken My config looks exactly the same as you, my version is @nuxtjs/auth-next": "^5.0.0-1607967355.df8f01e The logs on Auth0 dashboard looks totally fine, I can see the log in data with full details The issue, however, lies on the other part, after await this.$auth.logout() auth0 redirects me to my callback page and gets logged in again, I have to log out again or maybe twice to completely clear the state on the auth0 server

kleoken commented 3 years ago

@linh-ebisolvn One of the previous problems I was having was that when Nuxt redirected me to my logout redirect, I was manually redirecting to the login page before the logout api call to auth0 had time to complete therefore logging me out client side but not logging me out from Auth0. Can you confirm you can see the /logout api call go through from the dev tools networking tab? If it's not going through or not present, you will not be fully logged out.

linh-ebisolvn commented 3 years ago

@linh-ebisolvn One of the previous problems I was having was that when Nuxt redirected me to my logout redirect, I was manually redirecting to the login page before the logout api call to auth0 had time to complete therefore logging me out client side but not logging me out from Auth0. Can you confirm you can see the /logout api call go through from the dev tools networking tab? If it's not going through or not present, you will not be fully logged out.

Can you show me how to reproduce the steps? Like create another logout page or use any method provided by $auth instance?

hmaack commented 3 years ago

Post your nuxt config perhaps? Here is mine:

@nuxt/auth : 5.0.0-1612791489.a5d8c28

auth: {
    strategies: {
      local: false,
      auth0: {
        domain: 'process.env.AUTH0_DOMAIN',
        clientId: 'process.env.AUTH0_CLIENTID,
        audience: 'process.env.AUTH0_AUDIENCE',
        scope: ['openid', 'profile', 'email', 'offline_access'],
        responseType: 'code',
        grantType: 'authorization_code',
        codeChallengeMethod: 'S256',
        logoutRedirectUri: process.env.BASE_URL + '/login',
      }
    },
    redirect: {
      login: "/login", // User not logged in but needs to be
      logout: "/logout", // User logs out on and page is protected
      home: "/dashboard", // User gets redirected here after the callback page
      callback: "/loading" // User gets redirected here immediately after login
    }
  },

If it's only on logout you should be able to open the network tab and see your app hitting the auth0 logout endpoint. Also you should be able to see on Auth0 in the Logs section or the User History.

I created a PR #86 to migrate to @nuxt/auth-next v5. In this example upgrade the logout behavior works as expected and will fix this issue.

Kerwood commented 3 years ago

Is this project totally dead ?

getnorthern commented 2 years ago

Having exactly the same issue as above. Has anyone found a solution for this?