# gooddata-cn
m: Hi, I'm using GoodData Cloud. I created an Auth0 account to handle the authentication. There will be multiple web applications and Auth0 will be used for auth. So when I log in to the main app, the user should be automatically logged in to the React app (GoodData reporting app). This part is working fine, but the issue is in the logout: when the user logs out from the main app, he should be logged out from the reporting app, which is not happening. So now if another user logs in to the main app, it won't change in the reporting app. Any idea how to fix this? Regards.
b: Hi Mohammad, thank you for bringing this up. I discussed this internally, and to do this correctly you need to call logout from the GoodData backend. From GD.UI you can use the deauthenticate method. It should be fairly simple:

`backend.deauthenticate()`

It is an interesting topic and we are going to add this to our documentation.
m: But in my main app there is no GoodData backend; the second app is responsible for the GoodData reports (created by the accelerator toolkit as mentioned in the documentation). So my main app could be any app, and when the user logs out from the main app he should be logged out when trying to access the GoodData app.
b: Hi, I see what you mean, and it does make sense, but I don't think it's possible because of how OIDC works - the access tokens for specific sites are stored in the browser as cookies, and one site cannot force removal of the cookies for a third site. But maybe there's a way to force this from the Auth0 side - I would try to contact their support.
o: @Mohammad Zahr have you managed to resolve your issue, or do you need further help from our Support Team?
m: Hi, the issue is not resolved yet. I think the fix should be on your side, as the GoodData app should handle it if Auth0 is expired and force the user to log in again, or if the Auth0 session changed.
o: @Boris @Tomas Gabik
r: These are different authentication realms. GoodData Cloud doesn't know that the user was logged out from the custom app. It must be told. When the user logs in, it obtains an access token with some validity. This token is stored (encrypted) in a GoodData Cloud cookie. The problem with this token is that once issued, it's valid until its expiry time or unless explicitly revoked. When the user logs out from their wrapping application, they surely delete the user's session from their system, but the GoodData Cloud cookies remain in the browser, with a valid token. When another user logs in using the same browser, he gets a new session, but the GoodData Cloud cookie (containing the still valid token) is sent to the GoodData Cloud backend. A valid cookie means a valid user, so access is granted. The only reliable way is to call logout (`GET /logout`) on GoodData Cloud during logout from the custom app, right before the session is deleted. This action will destroy the GoodData Cloud cookie, so any new user will need to reauthenticate (possibly using existing identity provider cookies, so username/password will not be requested). The user will be provided with a new valid GoodData Cloud cookie referring to the correct user.

The UI.SDK method `deauthenticate()` just wraps the /logout call, so it is backend-agnostic.
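The logout order the reply above describes, as an added example that is not part of the thread or GoodData's own code: the wrapping app hits GoodData Cloud's `GET /logout` while the browser still carries the GoodData cookie, and only then tears down its own session and the Auth0 session. `GOODDATA_HOST` is a placeholder, and the fetch and logout callbacks are injected so the sequence can be exercised without a browser.

```javascript
// Added example, not GoodData's or Auth0's code. GOODDATA_HOST is a placeholder.
const GOODDATA_HOST = "https://YOUR-GOODDATA-HOST"; // replace with your tenant host

// Calls GET /logout on GoodData Cloud. credentials: "include" is what makes the
// browser attach the GoodData cookie, so the server can destroy that session.
// Assumption: the GoodData host accepts a credentialed cross-origin request from
// the main app's origin; if it does not, navigate the browser to the URL instead.
async function logoutFromGoodData(fetchImpl = globalThis.fetch, host = GOODDATA_HOST) {
  try {
    const res = await fetchImpl(`${host}/logout`, {
      method: "GET",
      credentials: "include",
      redirect: "manual", // a post-logout redirect to the IdP is fine, do not follow it
    });
    // An opaque redirect still means the server processed the logout.
    const ok = res.ok || res.type === "opaqueredirect";
    return { ok, status: res.status };
  } catch (err) {
    return { ok: false, status: 0, error: String(err) };
  }
}

// Runs the full logout in the only order that invalidates the GoodData cookie:
// 1. GoodData /logout (needs the live cookie), 2. main-app session, 3. IdP logout.
// The main-app logout proceeds even if step 1 fails, but the result says so, so the
// caller can warn or retry instead of silently leaving a valid GoodData session behind.
async function logoutEverywhere({ gooddataLogout, appLogout, idpLogout }) {
  const order = [];
  const gd = await gooddataLogout();
  order.push("gooddata");
  await appLogout();
  order.push("app");
  await idpLogout();
  order.push("idp");
  return { order, gooddataSessionCleared: gd.ok, gooddataStatus: gd.status };
}
```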
o: @Mohammad Zahr
m: Yes, I got your reply. I will discuss it with my team.