Single Logout Issues

Resolved willburholt
(@willburholt)

8 years ago

The new Auth0 plugin update seems to not allow Single Logout for WordPress by using the URL https://randomtenant.auth0.com/v2/logout?returnTo=website.com/goodbye&client=123.

While I know there are other to log a user out effectively (by using a plugin), this issue just seemed to come up after I updated to the new version of the plugin (it was working before with everything configured correctly to https://auth0.com/docs/logout#redirect-users-after-logout).

In addition, I’ve made sure to turn off Legacy API (https://auth0.com/docs/migrations/guides/legacy-lock-api-deprecation#how-to-log-users-out) just in case.

Viewing 4 replies - 1 through 4 (of 4 total)

Josh C
(@auth0josh)

8 years ago

Hi @wilburholt,

We changed around how logout works, mainly getting rid of the federated parameter (logs you out of your social network as well, which was not what most sites needed) so it’s definitely possible that something changed for your site.

I’ll look into a fix for this that doesn’t require an Auth0 dashboard change but, in the meantime, can you add your homepage to the Application’s “Allowed Callback URLs” field for the Application you’re using?

One thing to note … Logging out should work by going to your WP logout URL first, which forwards you to the Auth0 logout automatically. The other way around should work as well (that’s how I test if SLO is working) but just FYI.

Thank you

Josh C
(@auth0josh)

8 years ago

Proposed solution if you’re willing/able to make changes to the plugin for testing:

https://github.com/auth0/wp-auth0/pull/479/files
Thread Starter willburholt
(@willburholt)

8 years ago
It seems like I’ll have to use the WordPress logout URL for now then.
- This reply was modified 8 years ago by willburholt.
- This reply was modified 8 years ago by willburholt.
Josh C
(@auth0josh)

8 years ago
Yes, as I said, “it was working before with everything configured correctly;” in which the callback URL and everything else were functioning correctly before.

I understand. I’m saying that adding your homepage to the Allowed Callback URLs should solve this issue temporarily until the fix above is released.

Just so we aren’t getting our terms mixed up here … SLO is when you log out of Auth0 and you subsequently logged out of associated sites without having to explicitly log out of each one. The logout link you’re using is logging directly out of Auth0 and then returning to the WP site where SLO *should* log you out of WordPress (and will once that fix is released).

If, instead, you log out of WordPress first, then log out of Auth0, you won’t need to use SLO. In fact, I’d recommend switching to this method as the SLO functionality is a fallback, not the main way to log out.

Redirecting after logout is a core WP functionality and you can do that by using this function:
```
echo wp_logout_url( get_the_ID() ? get_permalink() : '' );
```
… or passing in whatever link you’d like to land on after logging out (the one above will use the current page if you’re on a page/post/etc). Using that will log you out of Auth0 as well in the latest version and likely many before.

We’ll have the fix above released tomorrow or Friday. Let me know if I can do anything else to help.
- This reply was modified 8 years ago by Josh C.

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Single Logout Issues’ is closed to new replies.