diff --git a/docs/providers/auth0.md b/docs/providers/auth0.md index f815b86a5..75c632dea 100644 --- a/docs/providers/auth0.md +++ b/docs/providers/auth0.md @@ -45,20 +45,23 @@ You can get your `clientId` and `domain` the Settings section for your client in ## Logout with new Auth0 tenants -Auth0 tenants created in 2018 and earlier had an optional tenant setting `Enable Seamless SSO`. This setting is automatically enabled for new tenants and cannot be disabled. +On logout, local `auth` is reset and you will be instantly redirected to `Auth0` so your session is destroyed remotely as well. After that, you will be redirected back to your website by `Auth0`. -If enabled and a user logs out and logs back in a short while later, they will not need to re-enter their credentials. They'll be logged in automatically. +To make sure you are redirected to the right page, you need to setup two things: +* Go to into the `Tenant Settings` > `Advanced` and enter the allowed URL(s) you can redirect to in `Allowed Logout URLs`, such as `http://localhost:3000` +* Add `logoutRedirectUri` to your config and add the value you just configured: +```js +auth: { + strategies: { + auth0: { + logoutRedirectUri: 'http://localhost:3000', + } + } +} +``` -You can force Auth0 to present the login page: -* Go to into the `Tenant Settings` > `Advanced` -* In `Allowed Logout URLs` enter the allowed URL(s) you can redirect to, such as `http://localhost:3000` +Now you can logout calling the `logout` function: -Wherever you have a logout feature do two things: - 1. run the logout command ```js this.$auth.logout() -``` - 2. redirect the user to the Auth0 logout URL along with a `returnTo` parameter -``` -https://mytenant.auth0.com/v2/logout?returnTo=http%3A%2F%2Flocalhost:3000 ``` diff --git a/docs/schemes/oauth2.md b/docs/schemes/oauth2.md index 758dd8437..718d814ee 100644 --- a/docs/schemes/oauth2.md +++ b/docs/schemes/oauth2.md 
@@ -49,6 +49,7 @@ auth: { grantType: 'authorization_code', accessType: undefined, redirectUri: undefined, + logoutRedirectUri: undefined, clientId: 'SET_ME', scope: ['openid', 'profile', 'email'], state: 'UNIQUE_AND_NON_GUESSABLE', @@ -149,6 +150,10 @@ Should be same as login page or relative path to welcome screen. ([example](http By default it will be inferred from `redirect.callback` option. (Defaults to `/login`) +### `logoutRedirectUri` + +Should be an absolute path to the welcome screen + ### `clientId` **REQUIRED** - oauth2 client id. diff --git a/src/providers/auth0/index.ts b/src/providers/auth0/index.ts index 29f7e343c..4e6e40315 100644 --- a/src/providers/auth0/index.ts +++ b/src/providers/auth0/index.ts @@ -6,7 +6,9 @@ export default function auth0 (_nuxt, strategy) { scheme: path.resolve(__dirname, 'scheme'), endpoints: { authorization: `https://${strategy.domain}/authorize`, - userInfo: `https://${strategy.domain}/userinfo` + userInfo: `https://${strategy.domain}/userinfo`, + token: `https://${strategy.domain}/oauth/token`, + logout: `https://${strategy.domain}/v2/logout` }, scope: ['openid', 'profile', 'email'] }) diff --git a/src/providers/auth0/scheme.ts b/src/providers/auth0/scheme.ts index e83bfb920..ff5c7b2ac 100644 --- a/src/providers/auth0/scheme.ts +++ b/src/providers/auth0/scheme.ts @@ -5,13 +5,11 @@ export default class Auth0 extends Oauth2Scheme { logout () { this.$auth.reset() - if (this.options.endpoints.logout) { - const opts = { - client_id: this.options.clientId, - returnTo: this._logoutRedirectURI - } - const url = this.options.endpoints.logout + '?' + encodeQuery(opts) - window.location.replace(url) + const opts = { + client_id: this.options.clientId, + returnTo: this._logoutRedirectURI } + const url = this.options.endpoints.logout + '?' + encodeQuery(opts) + window.location.replace(url) } }
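Review bot: `strategy.domain` is interpolated into the new `token` and `logout` endpoints without any check, as it already is for the two existing ones. A missing or mistyped `domain` therefore produces `https://undefined/v2/logout`, and the logout redirect goes to a host that is not the tenant. A guard before the endpoint object would surface the misconfiguration at setup time rather than in the user's browser: `if (!strategy.domain) { throw new Error('auth0 provider: strategy.domain is required') }`. The `token` endpoint is also new, yet the docs in this commit only describe logout, so a one-line comment on why it is needed would help. The body of `auth0()` starts above this hunk.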
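Review bot: With the `if (this.options.endpoints.logout)` guard removed, `logout()` builds the URL unconditionally. A config that overrides or clears `endpoints.logout` then navigates to `undefined?client_id=…` after `this.$auth.reset()` has already wiped local state, while the Auth0 session presumably stays alive. I would keep an explicit failure path, e.g. `if (!this.options.endpoints.logout) { throw new Error('auth0: endpoints.logout is not configured') }`, placed before the reset. `returnTo` is also sent when `logoutRedirectUri` is left at its documented default of `undefined`, and `_logoutRedirectURI` is not visible here, so please confirm that `encodeQuery` drops an undefined value rather than sending the literal string. Because `client_id` is included, Auth0 checks `returnTo` against the application's Allowed Logout URLs rather than the tenant-level list, which is worth a comment above `opts`.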