[jira] [Resolved] (NIFI-8459) Logout not working properly with OIDC when using Auth0 as provider

Tue, 28 Mar 2023 06:43:08 -0700 


     [ 
https://issues.apache.org/jira/browse/NIFI-8459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

David Handermann resolved NIFI-8459.
------------------------------------
      Assignee: David Handermann
    Resolution: Information Provided

OpenID Connect defines a specification called RP-Initiated Logout 1.0, which 
defines the {{{}end_session_endpoint{}}}.

[https://openid.net/specs/openid-connect-rpinitiated-1_0.html]

Identity Providers that do not support this specification do not have a way to 
end the session at the provider, which explains the behavior of Auth0 at the 
time this issue was created.

More recent versions of Auth0 appear to support RP-Initiated Logout 1.0 based 
on the following documentation:

[https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0]

Without the {{{}end_session_endpoint{}}}, NiFi invalidates its own application 
Bearer Token, but that is the extent of logout behavior.

> Logout not working properly with OIDC when using Auth0 as provider
> ------------------------------------------------------------------
>
>                 Key: NIFI-8459
>                 URL: https://issues.apache.org/jira/browse/NIFI-8459
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.13.2
>         Environment: Browser: Chrome / Firefox
> Configuration of NiFi:
> - SSL certificate for the server (no client auth)
> - OIDC configuration using auth0 endpoint
>            Reporter: R Arora
>            Assignee: David Handermann
>            Priority: Minor
>
> Hi,
> Not sure if this a bug...
> I have setup a OIDC configuration with Auth0 which has worked successfully. 
> However, when I click on logout, I'm not redirected to the auth page. Instead 
> I'm given a message "You have have successfully logged out. You may now close 
> the window."... But when I click the home button or refresh the page, I get 
> logged in again without going to the auth page to ask for user creds. 
> From what I'm reading in this blog: 
> [https://www.jerriepelser.com/blog/using-auth0-with-vue-oidc-client-js/] 
> auth0 doesn't provide end_session_endpoint in it's openid-configuration and 
> hence NiFi is confused on logout. Is there anything we can do to work around 
> this?
> Any help is appreciated. 
> Thanks!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to