Weird behavior when calling logout from a private route

If I am viewing a Private route and then call logout e.g. by clicking a logout button in the header, I’m seeing some weird behavior where my client is not completely logged out. My auth component still thinks it is logged in, even after a refresh. (Note: I’m using Auth0 here.)

I think it’s something to do with the order of events - my private routes are configured to redirect to a login page, which is the Auth0 login page. So perhaps when I’m viewing a private route and click logout, it’s very quickly trying to redirect to the Auth0 login (which perhaps updates the authentication state) before it’s able to redirect to my logout url (which is a non-private route).

Does this sound like I’ve configured something incorrectly, or is the combination of private routes and logout flow somehow misbehaving?

Thank you!

Have you tried redirecting to the homepage?
Is your <Private/> block after the public routes?

Also, eventually tried with a different auth? I’m using firebase and I don’t have issues with logging out - I saw a similar behaviour but that was because I had not placed a route that needed authentication in the <Private/>, so irrelevant.

I’ve tried doing a redirect using Redwood router before the logout, and that does seem to work. It results in a somewhat strange looking double-refresh though (my first redirect and then the Auth0 logout redirect), but I think it would be an acceptable workaround for now. I think another option could be to create a dedicated logout page which would obviously not be a private route. When a user navigates there the page itself would handle the logout flow. That would probably still result in the double-refresh, but at least the logout logic would be centralized.

And yes, my private routes are at the end of my route list. The only route that comes after them is the notfound route.

I’m wondering if it’s somehow related to this issue. Perhaps there’s a weird race condition when calling logOut on a private page, which then tries to redirect to the unauthenticated page, which happens to be my Auth0 login page. If that tries to do any logging in but is interrupted by the subsequent redirect, I might be left in a weird state.

I’ll try with another provider to see if it still happens.

Ok, keep us posted :slightly_smiling_face:

I’ve had such issues but it was in an earlier version of RW, out of luck are you running an updated one? All packages at the latest? Tried to refresh the yarn cache by pulverising the node modules?

Are you doing this manually yourself, and if so are you using navigate to do this redirect?

@peterp I’m using the built-in redirect:

<Private unauthenticated="login">

And my login page is simply calling auth0Client.loginWithRedirect() (this page is just for redirecting private routes - my normal login flow uses the auth0 popup method).

@noire.munich Yes, most recent version of Redwood. I hadn’t touched this project in a while, so I just updated everything from 0.6 a few days ago. I also just deleted node_modules to be safe, and I’m still seeing the same behavior.

1 Like