Single signout using Front Channel with auth0

What happened?

I used auth0 as the IdP with simple flow like this :
client → pomerium → auth0 (IdP)

When i tried to do signout in the https://external-url/.pomerium/sign_out
It does not sign out from auth0.
Does auth0 support front-channel logout or this is not supported? Because i only see back-channel logout in auth0 docs. And i don’t see back channel logout in pomerium docs so it is quite confusing.

Is there another workaround ? I want to achieve single signout so auth0 will be logged out as well when we logged out from pomerium.

What did you expect to happen?

The auth0 will be logged out as well

What’s your environment like?

  • Pomerium version (retrieve with pomerium --version):

  • Server Operating System/Architecture/Cloud:

What’s your config.yaml?


  - from: ''
    to: ''
    allow_any_authenticated_user: true
    cors_allow_preflight: true
      x-pomerium-idp-id-token: ${pomerium.id_token}
      x-pomerium-idp-access-token: ${pomerium.access_token}
      x-pomerium-client-cert-fingerprint: ${pomerium.client_cert_fingerprint}
    pass_identity_headers: true
cookie_secret: xxxxx

# Relative file location for a single cert
certificate_file: '/etc/data/cert/fullchain.cer'
certificate_key_file: '/etc/data/cert/*'

signing_key: XXXXXXX

frontchannel_logout_uri: ''
signout_redirect_url: ''

idp_provider: 'auth0'
idp_provider_url: ''
idp_client_id: 'abc123' # from the web application
idp_client_secret: 'secret123' # from the web application

skip_xff_append: true
pomerium_debug: true
set_authorization_header: pass_through

What did you see in the logs?

nothing in particular

There is code to do a frontchannel logout when a user logs out. It should redirect to the IdP after killing the Pomerium session. It’s possible this code is not working with auth0. I will create an issue.

Looks like its a custom flow: Authentication API Explorer