Assistance with Auth0 SSO Logout Flow Integration in WHMCS


Issue Overview:
I am working to implement Single Sign-On (SSO) for my WHMCS installation using Auth0. While the login functionality works as expected, I have encountered issues with the logout process. When a user logs out from WHMCS, they are not fully logged out of the Auth0 tenant session (SSO session). Additionally, if they attempt to log in immediately after logout, they are automatically redirected into WHMCS without being sent to the Auth0 login page for re-authentication.

My Logout Configuration:
I use the endpoint:

https://<host>/sso.php?action=logout
And implement the following flow in the sso.php file:

if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'logout') {
    try {
        // Perform Auth0 SDK logout (clears local session)
        $auth0->logout();

        // Define WHMCS Client Area URL post-logout
        $redirectAfterLogout = 'https://' . $_SERVER['HTTP_HOST'] . '/clientarea.php';

        // Auth0 Logout endpoint
        $auth0LogoutUrl = 'https://auth0.com/v2/logout?returnTo=' . urlencode($redirectAfterLogout) . '&client_id=<client_id>';

        // Redirect the user to Auth0 logout endpoint
        header('Location: ' . $auth0LogoutUrl);
        exit;

    } catch (\Exception $e) {
        // Log logout exceptions
        logActivity('Logout error: ' . $e->getMessage());
        die('Error during logout: ' . $e->getMessage());
    }
}

Configuration Details:
Allowed Logout URL in Auth0:

https://<host>/clientarea.php

Current Behavior:
After triggering logout:

The local WHMCS session is cleared successfully.
However, the user remains logged into Auth0 (SSO session persists).
Logging in again automatically redirects the user to the WHMCS client area without showing the Auth0 login page.

Questions:
Does WHMCS modify or handle SSO tokens beyond clearing the local session via libraries like Auth0 PHP SDK?
Is there any WHMCS-specific functionality or configuration that can ensure the user session is fully cleared globally (Auth0 tenant level)?
Are there best practices WHMCS recommends for synchronizing session handling between WHMCS and third-party SSO providers?

Thanks,
Yedukondala Reddy
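
An added example (not part of the original post, and not WHMCS or Auth0 SDK code) for the logout redirect discussed above: Auth0's `/v2/logout` endpoint is served from the tenant's own domain, and this PHP code builds that URL from a fixed return-URL list and checks a candidate URL before it goes into a `Location` header. The domain, client ID, return URL and both function names are assumed placeholders.

```php
<?php
declare(strict_types=1);

// Assumed placeholders, not values from the post.
const AUTH0_DOMAIN   = 'example-tenant.us.auth0.com'; // tenant (or custom) domain
const AUTH0_CLIENT   = 'EXAMPLE_CLIENT_ID';
// Each entry must also be listed under "Allowed Logout URLs" in the Auth0 application.
const ALLOWED_RETURN = ['https://billing.example.com/clientarea.php'];

/** Build the tenant-level logout URL; returnTo comes from a fixed list, not the Host header. */
function buildAuth0LogoutUrl(string $returnTo, bool $federated = false): string
{
    if (!in_array($returnTo, ALLOWED_RETURN, true)) {
        throw new InvalidArgumentException('returnTo is not an allowed logout URL');
    }
    $query = http_build_query(
        ['client_id' => AUTH0_CLIENT, 'returnTo' => $returnTo],
        '', '&', PHP_QUERY_RFC3986
    );
    // "federated" additionally asks Auth0 to sign the user out of the upstream IdP.
    return 'https://' . AUTH0_DOMAIN . '/v2/logout?' . $query . ($federated ? '&federated' : '');
}

/** Return a list of problems with a logout URL before it is used in a redirect. */
function checkLogoutUrl(string $url): array
{
    $parts = parse_url($url);
    if ($parts === false) {
        return ['unparseable URL'];
    }
    parse_str($parts['query'] ?? '', $q);
    $problems = [];
    if (($parts['scheme'] ?? '') !== 'https') { $problems[] = 'scheme is not https'; }
    if (strcasecmp($parts['host'] ?? '', AUTH0_DOMAIN) !== 0) {
        // The SSO session cookie is scoped to the tenant domain; other hosts never receive it.
        $problems[] = 'host is not the tenant domain';
    }
    if (($parts['path'] ?? '') !== '/v2/logout') { $problems[] = 'path is not /v2/logout'; }
    if (($q['client_id'] ?? '') !== AUTH0_CLIENT) { $problems[] = 'client_id missing or wrong'; }
    if (!in_array($q['returnTo'] ?? '', ALLOWED_RETURN, true)) { $problems[] = 'returnTo not allow-listed'; }
    return $problems;
}

// Constructed inputs: one URL built by the helper, one pointing at a non-tenant host.
var_dump(checkLogoutUrl(buildAuth0LogoutUrl(ALLOWED_RETURN[0])));
var_dump(checkLogoutUrl('https://auth0.com/v2/logout?returnTo='
    . rawurlencode(ALLOWED_RETURN[0]) . '&client_id=' . AUTH0_CLIENT));
```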
