Create a logout route

[thijsvdanker]

I need a way to logout my users from auth0 within my Laravel application.

Would it make sense to create a logout route in this package that flushes the session?

[glena]

I don't think so.

The session handling is not handled by the package, it just extends laravel's in order to work with auth0.

In this case, you just need to add a route that excecutes Auth::logout();

[thijsvdanker]

ok, agreed. thanks

[glena]

thanks

[hossam-maurice-zz]

I am facing an issue with the Auth::logout() with Auth0 application created after 1st of September 2017, after logging out it redirects me to the login page which is the Auth0 lock, and before it displays the lock it logs me in again and redirect to the authenticated screen on my site. So I can't logout.

I tried all the solutions in the following link and it didn't work with me
https://stackoverflow.com/questions/34479994/laravel-5-2-authlogout-is-not-working/34667356#34667356

I am using Laravel 5.6 and laravel-auth0 v5.1.0
My code is exactly like the following guide: https://auth0.com/docs/quickstart/webapp/laravel/01-login with the custom user handling, except the home page redirects to the Auth0 lock, it isn't a normal page with login button.

Note:
Everything is working fine with the Auth0 applications created before 1st of September 2017.
I faced this issue when I switched to the new Auth0 application, while both applications have the exact the same settings.

Any ideas?

[joshcanhelp]

@hossam-maurice - Sorry for the trouble there.

I walked through the Quickstart (Laravel 5.7 but that shouldn't make any difference) and everything is working for me right out of the box. My tenant was created this year so same situation. A few questions on your comment here:

after logging out it redirects me to the login page which is the Auth0 lock

The Quickstart uses the Universal Login page, not Lock/embedded. Where are you seeing steps to integrate Lock? I would recommend using the hosted page with an application like this.

before it displays the lock it logs me in again and redirect to the authenticated screen on my site

Do you have any kind of checkSession on the Lock page? We do that in the WordPress plugin, check for an Auth0 session and, if there is one, log the user in automatically. Like so:

https://github.com/auth0/wp-auth0/blob/master/templates/auth0-sso-handler-lock10.php

[hossam-maurice-zz]

@joshcanhelp - Thank you for the fast response.
First, I am using the Universal Login page. I found the issue in the link you sent regarding the Universal Login page in the following paragraph:

Whenever your app triggers an authentication request, the user will be redirected to the login page in order to authenticate. This will create a cookie. In future authentication requests, Auth0 will check for this cookie, and if it is present the user will not be redirected to the login page. They will see the page only when they need to actually log in. This is the easiest way to implement SSO.

I find out that I need to add "prompt" => "login" to the additional_params array with the scope in the login function to force the user to login each time the login URL is called. This is the reference https://community.auth0.com/t/using-auth0-universal-login-without-sso/11830/2

Thank you

[joshcanhelp]

@hossam-maurice - Happy to help! So this is resolved?