logout_url does not include client_id parameter

[mbiang]

Calling the logout_url method doesn't include client_id parameter in the resulting URL.

According to https://auth0.com/docs/logout, the Client ID parameter specifies the application to log the user out of.

As it stands the following code returns "https://mydomain.auth0.com/logout?returnTo=/". Shouldn't it return "https://mydomain.auth0.com/logout?returnTo=/&client_id=XXXXXXXXXXXX"?

Auth0Client.new(
    client_id: 'XXXXXXXXXXXX', 
    client_secret: 'XXXXXXXXXXXX',
    api_version: 1,
    domain: 'mydomain.auth0.com'
).logout_url('/').to_s

Expected Output: "https://mydomain.auth0.com/logout?returnTo=/&client_id=XXXXXXXXXXXX"
Actual output: "https://mydomain.auth0.com/logout?returnTo=/"

[rjocoleman]

I got caught with this too. My logout request was producing an auth0 error page because the returnTo URL wasn't whitelisted.

I had it whitelisted returnTo at the client level in the auth0 web interface, which requires the client_id set.

As a workaround the returnTo can be whitelisted for all clients, at the account level (which is required when client_id is not set. https://manage.auth0.com/#/account/advanced

These docs have some additional detail: https://auth0.com/docs/logout#redirect-users-after-logout