-
Notifications
You must be signed in to change notification settings - Fork 842
Auth0 does not publish and end_session_endpoint in their openid-configuration. #1067
Comments
The same situation exists for using Google OAuth2. We catch the error "no end session endpoint" on using the signoutRedirect method during logging out. |
From my recollection, Auth0's logout endpoint is not conformant to the OIDC end session EP. IOW, theyt don't accept the params as per spec. So my question is then what benefit would doing this metadata merge? |
You'd think they have the budget now. |
@brockallen I don’t think I’ve laughed that hard in a year. Bravo. |
@dopry Looking at the solution you linked above, why couldn't/wouldn't you just add the following to the
CC: @brockallen |
Did it work for you? If so I will look more closely, it would be nice to eliminate the branch in my svelte components. |
@dopry I will try and let you know. :) |
@dopry auth0 was down yesterday, but I was able to test seeing if specifying a
I'm not sure if your endpoints are the same as mine, but I ultimately consulted the .well-known endpoint to see what the correct values were for me. Hope this helps! |
end_session_endpoint isn't technically required by the OIDC spec, sessions are an optional sub-specification. It would be nice if there were a way to inject the specific missing property into the configuration. Unfortunately the way the getMetadata() method is currently implemented openid-configuration will overwrite any provided meta-data.
More generally it would be nice of the client better handled the signout request if there wasn't an end_session_endpoint available. currently is just throws an exception.
The text was updated successfully, but these errors were encountered: