Auth0.com does not expose the end_session_endpoint in the metadata, but it defines GET <domain>.auth0.com/v2/logout for the same purpose. If the discovery feature is turned on and the sso-logout property is set true, the application won't work login in a secured Blueriq application will return an error because the REQUIRED end_session_endpoint is missing from the auth0.com configuration metadata response. There is no fallback for reading the end-session-endpoint from the property file if it is not found in the identity provider metadata, so we advice the following when using aut0.com: - Either don't use discovery and specify the
end-session-endpoint manually
Or - Set
sso-logout to false when using discovery feature, but in that case, the logout will not work.
|