Immediately logged in again after a logout #9232

Open
Rayv1 opened this issue Sep 8, 2021 · 2 comments

@Rayv1

Rayv1 commented Sep 8, 2021

Hi,

I installed the CDK version of ConsoleMe with the full default settings and did not change anything except the config.yaml parameters. After I logged in with the Cognito admin account and clicked "logout", I was immediately logged back in. This happens with every account.

To Reproduce

  1. Log in
  2. Click on your UserID in the upper right corner
  3. Click on Logout
  4. You will be instantly logged in again

Expected behavior
To be logged out

Desktop (please complete the following information):

  • OS: Ubuntu 20
  • Browser: Chromium
  • Version: 93.0.4577.63 (Official Build) snap (64-bit)

Additional context
I checked the browser network tab and the logout request was successful.

@castrapel
Contributor

castrapel commented Sep 10, 2021

Hey @Rayv1, thanks for the issue! This is because ConsoleMe deletes its own JWT (session cookie), but it doesn't initiate the logout pattern with Cognito. The page just refreshes, does the OIDC dance with Cognito, but since you're already authenticated with Cognito, ConsoleMe will just hand you another JWT.

When I get a chance, I'll take a look at doing a proper OIDC logout flow here.

@kvalvika

Hi, I configured ALB authentication with AWS Cognito and had the same problem that it keeps logging back in.

  1. auth.logout_redirect_url
    I've added the Cognito logout endpoint here to log out and redirect to the sign-in URL.
    https://docs.aws.amazon.com/cognito/latest/developerguide/logout-endpoint.html
  2. auth.extra_auth_cookies
    I've added the list of AWSELBAuthSessionCookie keys here to clear the ALB cookies on logout.
  3. Cognito callback URL, sign-out URL
    I need to add my redirect_url to both the callback URL and the sign-out URL.

I've tried those in my config and it works for me; I hope this helps in your case.
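
A way to check the three settings listed in the comment above before deploying, as an added example that is not part of the thread or ConsoleMe's own code. The function name, the Cognito domain, the client ID and the URLs are constructed placeholders; `client_id`, `logout_uri`, `redirect_uri` and `response_type` are the query parameters of the Cognito logout endpoint linked above.

```python
from urllib.parse import urlsplit, parse_qs, quote


def check_logout_config(logout_redirect_url, extra_auth_cookies,
                        client_id, callback_urls, signout_urls):
    """Return the problems that would leave the Cognito or ALB session alive."""
    problems = []
    url = urlsplit(logout_redirect_url)
    query = parse_qs(url.query)  # values come back percent-decoded
    if url.scheme != "https" or url.path != "/logout":
        problems.append("logout_redirect_url is not an https Cognito /logout endpoint")
    if query.get("client_id") != [client_id]:
        problems.append("client_id missing or not this app client")
    if "logout_uri" in query:
        # Plain sign-out: the target must be a registered sign-out URL.
        if query["logout_uri"][0] not in signout_urls:
            problems.append("logout_uri is not an allowed sign-out URL")
    elif "redirect_uri" in query:
        # Sign out, then back to sign-in: the target must be a callback URL.
        if query["redirect_uri"][0] not in callback_urls:
            problems.append("redirect_uri is not an allowed callback URL")
        if "response_type" not in query:
            problems.append("redirect_uri given without response_type")
    else:
        problems.append("no logout_uri or redirect_uri parameter")
    # Without this the ALB cookie re-authenticates the user, as in this issue.
    if not any(c.startswith("AWSELBAuthSessionCookie") for c in extra_auth_cookies):
        problems.append("ALB session cookies are not cleared on logout")
    return problems


# Constructed sample values (placeholders, not taken from the issue).
DOMAIN = "https://example.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "EXAMPLECLIENTID"
APP_URL = "https://consoleme.example.com/"
GOOD_URL = (f"{DOMAIN}/logout?client_id={CLIENT_ID}"
            f"&logout_uri={quote(APP_URL, safe='')}")
ALB_COOKIES = ["AWSELBAuthSessionCookie-0", "AWSELBAuthSessionCookie-1"]

if __name__ == "__main__":
    # Value for auth.logout_redirect_url and the result of checking it.
    print(GOOD_URL)
    print(check_logout_config(GOOD_URL, ALB_COOKIES, CLIENT_ID,
                              [APP_URL], [APP_URL]))
    # Redirecting to the app itself with no cookie list reproduces the issue.
    for problem in check_logout_config(APP_URL, [], CLIENT_ID, [APP_URL], [APP_URL]):
        print("-", problem)
```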
