From 2fe16eec1c5ad38c430b7a556917f4322d6a5f49 Mon Sep 17 00:00:00 2001
From: darthf1
Date: Sat, 13 Jun 2020 13:13:41 +0200
Subject: [PATCH 1/5] - auth0: add token and logout endpoint
---
 src/providers/auth0/index.ts | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/providers/auth0/index.ts b/src/providers/auth0/index.ts
index 29f7e343c..4e6e40315 100644
--- a/src/providers/auth0/index.ts
+++ b/src/providers/auth0/index.ts
@@ -6,7 +6,9 @@ export default function auth0 (_nuxt, strategy) {
 scheme: path.resolve(__dirname, 'scheme'),
 endpoints: {
 authorization: `https://${strategy.domain}/authorize`,
- userInfo: `https://${strategy.domain}/userinfo`
+ userInfo: `https://${strategy.domain}/userinfo`,
+ token: `https://${strategy.domain}/oauth/token`,
+ logout: `https://${strategy.domain}/v2/logout`
 },
 scope: ['openid', 'profile', 'email']
 })
From 46d58cab9cc193967dd6ae4d3d0f1f0e39ce73f0 Mon Sep 17 00:00:00 2001
From: darthf1
Date: Sat, 13 Jun 2020 13:17:22 +0200
Subject: [PATCH 2/5] - auth0: logout endpoint is now always set
---
 src/providers/auth0/scheme.ts | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)
diff --git a/src/providers/auth0/scheme.ts b/src/providers/auth0/scheme.ts
index e83bfb920..ff5c7b2ac 100644
--- a/src/providers/auth0/scheme.ts
+++ b/src/providers/auth0/scheme.ts
@@ -5,13 +5,11 @@ export default class Auth0 extends Oauth2Scheme {
 logout () {
 this.$auth.reset()
- if (this.options.endpoints.logout) {
- const opts = {
- client_id: this.options.clientId,
- returnTo: this._logoutRedirectURI
- }
- const url = this.options.endpoints.logout + '?' + encodeQuery(opts)
- window.location.replace(url)
+ const opts = {
+ client_id: this.options.clientId,
+ returnTo: this._logoutRedirectURI
 }
+ const url = this.options.endpoints.logout + '?' + encodeQuery(opts)
+ window.location.replace(url)
 }
 }
From 39104c3b50f9ceea2f88adcdac99d5afff28311c Mon Sep 17 00:00:00 2001
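Review bot: Every endpoint in this hunk, including the new `token` and `logout` ones, is built by interpolating `strategy.domain` with no check, so a missing or mistyped value yields `https://undefined/oauth/token` and `https://undefined/v2/logout`. That matters more for these two than for the existing ones: the token endpoint is where the scheme presumably sends the authorization code (the exchange itself is not visible here), and the next patch in the series makes the logout redirect unconditional. A fail-fast check before the defaults are assigned would catch it, e.g. `if (!strategy.domain) { throw new Error('auth0 strategy requires a domain') }`. The opening lines of `auth0()` are outside the hunk, so an existing check there cannot be ruled out.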
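Review bot: With the `if (this.options.endpoints.logout)` guard removed, `logout()` concatenates whatever `endpoints.logout` holds, so a configuration that overrides it with a falsy value (whether the provider defaults can be overridden that way is not visible here) ends in `window.location.replace('undefined?client_id=…')`, a relative navigation performed after local state has already been reset. `returnTo` is also sent when `logoutRedirectUri` is unset, which the docs patch later in this series lists as the default, and how `encodeQuery` and `_logoutRedirectURI` treat that case is outside the hunk. I would keep a cheap guard, `if (!this.options.endpoints.logout) { return }`, and add `returnTo` to `opts` only when it has a value, so the request never carries a placeholder. A one-line comment saying that `returnTo` must match an entry in the tenant's Allowed Logout URLs would also help the next reader.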
From: darthf1
Date: Sat, 13 Jun 2020 13:29:30 +0200
Subject: [PATCH 3/5] - auth0: update docs regarding logout
---
 docs/providers/auth0.md | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/docs/providers/auth0.md b/docs/providers/auth0.md
index f815b86a5..1aa5ab7c5 100644
--- a/docs/providers/auth0.md
+++ b/docs/providers/auth0.md
@@ -45,20 +45,23 @@ You can get your `clientId` and `domain` the Settings section for your client in
 ## Logout with new Auth0 tenants
-Auth0 tenants created in 2018 and earlier had an optional tenant setting `Enable Seamless SSO`. This setting is automatically enabled for new tenants and cannot be disabled.
+On logout, local `auth` is reset and you will be instantly redirected to `Auth0` so your session is destroyed remotely as well. After that, you will be redirected back to your website by `Auth0`.
-If enabled and a user logs out and logs back in a short while later, they will not need to re-enter their credentials. They'll be logged in automatically.
+To make sure you are redirected to the right page, you need to setup two things:
+* Go to into the `Tenant Settings` > `Advanced` and enter the allowed URL(s) you can redirect to in `Allowed Logout URLs`, such as `http://localhost:3000`
+* Add `redirectUri` to your config and add the value you just configured:
+```js
+auth: {
+ strategies: {
+ auth0: {
+ redirectUri: 'http://localhost:3000',
+ }
+ }
+}
+```
-You can force Auth0 to present the login page:
-* Go to into the `Tenant Settings` > `Advanced`
-* In `Allowed Logout URLs` enter the allowed URL(s) you can redirect to, such as `http://localhost:3000`
+Now you can logout calling the `logout` function:
-Wherever you have a logout feature do two things:
- 1. run the logout command
 ```js
 this.$auth.logout()
-```
- 2. redirect the user to the Auth0 logout URL along with a `returnTo` parameter
-```
-https://mytenant.auth0.com/v2/logout?returnTo=http%3A%2F%2Flocalhost:3000
 ```
From 7769a21d9511187e81969c7b352e39da525e28e1 Mon Sep 17 00:00:00 2001
From: darthf1
Date: Sat, 13 Jun 2020 13:31:47 +0200
Subject: [PATCH 4/5] - auth0: set correct logout option in docs
---
 docs/providers/auth0.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/providers/auth0.md b/docs/providers/auth0.md
index 1aa5ab7c5..75c632dea 100644
--- a/docs/providers/auth0.md
+++ b/docs/providers/auth0.md
@@ -49,12 +49,12 @@ On logout, local `auth` is reset and you will be instantly redirected to `Auth0`
 To make sure you are redirected to the right page, you need to setup two things:
 * Go to into the `Tenant Settings` > `Advanced` and enter the allowed URL(s) you can redirect to in `Allowed Logout URLs`, such as `http://localhost:3000`
-* Add `redirectUri` to your config and add the value you just configured:
+* Add `logoutRedirectUri` to your config and add the value you just configured:
 ```js
 auth: {
 strategies: {
 auth0: {
- redirectUri: 'http://localhost:3000',
+ logoutRedirectUri: 'http://localhost:3000',
 }
 }
 }
From 924ca4af1d5eb318b408e68ee56ff3e775a59a33 Mon Sep 17 00:00:00 2001
From: darthf1
Date: Sat, 13 Jun 2020 13:42:48 +0200
Subject: [PATCH 5/5] - oauth: document logoutRedirectUri option
---
 docs/schemes/oauth2.md | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/docs/schemes/oauth2.md b/docs/schemes/oauth2.md
index 758dd8437..718d814ee 100644
--- a/docs/schemes/oauth2.md
+++ b/docs/schemes/oauth2.md
@@ -49,6 +49,7 @@ auth: {
 grantType: 'authorization_code',
 accessType: undefined,
 redirectUri: undefined,
+ logoutRedirectUri: undefined,
 clientId: 'SET_ME',
 scope: ['openid', 'profile', 'email'],
 state: 'UNIQUE_AND_NON_GUESSABLE',
@@ -149,6 +150,10 @@ Should be same as login page or relative path to welcome screen. ([example](http
 By default it will be inferred from `redirect.callback` option. (Defaults to `/login`)
+### `logoutRedirectUri`
+
+Should be an absolute path to the welcome screen
+
 ### `clientId`
 **REQUIRED** - oauth2 client id.