You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by "David Handermann (Jira)" <ji...@apache.org> on 2023/03/28 13:43:00 UTC

[jira] [Resolved] (NIFI-8459) Logout not working properly with OIDC when using Auth0 as provider

     [ https://issues.apache.org/jira/browse/NIFI-8459?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

David Handermann resolved NIFI-8459.
------------------------------------
      Assignee: David Handermann
    Resolution: Information Provided

OpenID Connect defines a specification called RP-Initiated Logout 1.0, which defines the {{{}end_session_endpoint{}}}.

[https://openid.net/specs/openid-connect-rpinitiated-1_0.html]

Identity Providers that do not support this specification do not have a way to end the session at the provider, which explains the behavior of Auth0 at the time this issue was created.

More recent versions of Auth0 appear to support RP-Initiated Logout 1.0 based on the following documentation:

[https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0]

Without the {{{}end_session_endpoint{}}}, NiFi invalidates its own application Bearer Token, but that is the extent of logout behavior.

> Logout not working properly with OIDC when using Auth0 as provider
> ------------------------------------------------------------------
>
>                 Key: NIFI-8459
>                 URL: https://issues.apache.org/jira/browse/NIFI-8459
>             Project: Apache NiFi
>          Issue Type: Bug
>          Components: Core UI
>    Affects Versions: 1.13.2
>         Environment: Browser: Chrome / Firefox
> Configuration of NiFi:
> - SSL certificate for the server (no client auth)
> - OIDC configuration using auth0 endpoint
>            Reporter: R Arora
>            Assignee: David Handermann
>            Priority: Minor
>
> Hi,
> Not sure if this a bug...
> I have setup a OIDC configuration with Auth0 which has worked successfully. However, when I click on logout, I'm not redirected to the auth page. Instead I'm given a message "You have have successfully logged out. You may now close the window."... But when I click the home button or refresh the page, I get logged in again without going to the auth page to ask for user creds. 
> From what I'm reading in this blog: [https://www.jerriepelser.com/blog/using-auth0-with-vue-oidc-client-js/] auth0 doesn't provide end_session_endpoint in it's openid-configuration and hence NiFi is confused on logout. Is there anything we can do to work around this?
> Any help is appreciated. 
> Thanks!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)