doc: Added note that Clerk OAuth doesn't support logout #1540
base: main
Logout is not supported when using Clerk OAuth. I added a note indicating this. https://discord.com/channels/856971667393609759/1283094343779090443/1283094343779090443
@alexisintech -- Clerk as an OAuth provider does not issue an auth token, so there is no need for a logout endpoint. I've communicated that in the Discord thread. IMO this should be closed and not merged. The FAQ and the warning at the top of the page make it clear this is not an authentication token.
Here are more details on repro steps (from the Discord thread). I recommend this be noted explicitly as this is a complex issue that many users will not understand without investing significant time. The note about the Clerk JWT IMO is not sufficient to explain the problem. Setup:
Repro Steps
The state after these steps is:
Now here is the issue:
This means the user can re-authenticate to a session even after both the downstream IDP and the app itself were signed out. This is because Clerk stores the session and automatically bypasses the auth prompt AND because there is no way for me as the owner of
As noted in Discord, this occurs because in the given example the user signed out of Google and of the application using Clerk as an IdP. They did not sign out of the application that sits in the middle -- the one where the user used Google to sign up/in and is acting as the Clerk IdP for the
Explanation:
It notes that OAuth logout is not supported to save other people time.
This PR:
Adds a FAQ question and answer that states logout is not supported with Clerk's OAuth endpoint.