diff --git a/core/examples/luigi-sample-angular/e2e/tests/login-flow.spec.js b/core/examples/luigi-sample-angular/e2e/tests/login-flow.spec.js
index 4da8f35162..299bfc85c9 100644
--- a/core/examples/luigi-sample-angular/e2e/tests/login-flow.spec.js
+++ b/core/examples/luigi-sample-angular/e2e/tests/login-flow.spec.js
@@ -17,7 +17,7 @@ describe('Login Flow', () => {
     );
   });
 
-  it('Link in profile dropwdown', () => {
+  it('Link in profile dropdown', () => {
     cy.login('tets@email.com', 'tets');
 
     cy.get('[data-e2e="luigi-topnav-profile"]').click();
diff --git a/core/examples/luigi-sample-angular/src/assets/auth-mock/login-mock.html b/core/examples/luigi-sample-angular/src/assets/auth-mock/login-mock.html
index 1388be7d1d..751618edde 100644
--- a/core/examples/luigi-sample-angular/src/assets/auth-mock/login-mock.html
+++ b/core/examples/luigi-sample-angular/src/assets/auth-mock/login-mock.html
@@ -72,8 +72,18 @@
     <div class="panel">
       <h1>Login to Luigi sample app</h1>
       <form>
-        <input type="text" class="form-input" value="LuigiUsername" /><br />
-        <input type="password" class="form-input" value="LuigiPassword" /><br />
+        <input
+          type="text"
+          class="form-input"
+          value="LuigiUsername"
+          autocomplete="username"
+        /><br />
+        <input
+          type="password"
+          class="form-input"
+          value="LuigiPassword"
+          autocomplete="current-password"
+        /><br />
         <button id="login-button">Login</button>
       </form>
     </div>
diff --git a/core/examples/luigi-sample-angular/src/assets/auth-mock/logout-mock.html b/core/examples/luigi-sample-angular/src/assets/auth-mock/logout-mock.html
index 9bf71ffa9d..2739002510 100644
--- a/core/examples/luigi-sample-angular/src/assets/auth-mock/logout-mock.html
+++ b/core/examples/luigi-sample-angular/src/assets/auth-mock/logout-mock.html
@@ -1,15 +1,47 @@
 <!DOCTYPE html>
 <html>
-<head>
-  <title>Luigi Mock Identity Provider</title>
-</head>
-<body>
-Logging out...
-<script>
-  window.onload = function() {
-    const redirectTo = decodeURIComponent(window.location.href.match(/post_logout_redirect_uri=(.*?)(&|$)/)[1]);
-    window.location.href = redirectTo;
-  };
-</script>
-</body>
+  <head>
+    <title>Luigi Mock Identity Provider</title>
+  </head>
+  <body>
+    Logging out...
+    <script>
+      var allPossibilitiesOfHashSlashes = '([^/?=&]+)(=([^&]*))?';
+
+      var getQueryParams = function(uri) {
+        var hashParams = {};
+        uri.replace(new RegExp(allPossibilitiesOfHashSlashes, 'g'), function(
+          $0,
+          $1,
+          $2,
+          $3
+        ) {
+          hashParams[$1] = $3;
+        });
+        return hashParams;
+      };
+
+      window.onload = function() {
+        let redirectTo;
+        try {
+          const url = new URL(window.location.href);
+          const post_logout_redirect_uri = url.searchParams.get(
+            'post_logout_redirect_uri'
+          );
+          redirectTo = post_logout_redirect_uri;
+
+          const error = url.searchParams.get('error');
+          const errorDescription = url.searchParams.get('errorDescription');
+          if (error) {
+            redirectTo = `${redirectTo}?error=${error}&errorDescription=${errorDescription}`;
+          }
+        } catch (error) {
+          redirectTo = decodeURIComponent(
+            window.location.href.match(/post_logout_redirect_uri=(.*?)(&|$)/)[1]
+          );
+        }
+        window.location.href = redirectTo;
+      };
+    </script>
+  </body>
 </html>
diff --git a/core/examples/luigi-sample-angular/src/logout.html b/core/examples/luigi-sample-angular/src/logout.html
index 173757176e..2645f9298c 100644
--- a/core/examples/luigi-sample-angular/src/logout.html
+++ b/core/examples/luigi-sample-angular/src/logout.html
@@ -57,7 +57,7 @@
           <div class="hint" id="message" data-e2e="logout-message">Sign in again to continue working on awesome things!</div>
         </p>
         <p class="fd-has-text-align-center">
-          <button class="fd-button--emphasized " onclick="login()">Re-Login</button>
+          <button class="fd-button--emphasized" onclick="login()">Re-Login</button>
         </p>
       </section>
     </div>
@@ -74,16 +74,12 @@
   var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
   var results = regex.exec(location.search);
   return results && decodeURIComponent(results[1].replace(/\+/g, ' ')) || '';
-};
+}
 
-var reason = getUrlParameter('reason');
 var error = getUrlParameter('error');
+var errorDescription = getUrlParameter('errorDescription');
 
-if (error) {
-  document.getElementById('message').innerText = error;
-}
-
-switch (reason) {
+switch (error) {
   case 'tokenExpired':
     document.getElementById('headline').innerText = 'Your session has expired.';
     break;
@@ -94,6 +90,11 @@
   default:
     break;
 }
+
+if (errorDescription) {
+  document.getElementById('message').innerText = errorDescription;
+}
+
 </script>
 </body>
 </html>
diff --git a/core/examples/luigi-sample-angular/src/luigi-config/extended/auth.js b/core/examples/luigi-sample-angular/src/luigi-config/extended/auth.js
index d66bb5d783..b9bfbdd686 100644
--- a/core/examples/luigi-sample-angular/src/luigi-config/extended/auth.js
+++ b/core/examples/luigi-sample-angular/src/luigi-config/extended/auth.js
@@ -91,18 +91,19 @@ class Auth {
   };
 
   events = {
-    onLogout: () => {
-      console.log('onLogout');
+    onLogout: settings => {
+      console.log('onLogout', settings);
     },
-    onAuthSuccessful: data => {
-      console.log('onAuthSuccessful', data);
+    onAuthSuccessful: (settings, authData) => {
+      console.log('onAuthSuccessful', settings, authData);
     },
-    onAuthExpired: () => {
-      console.log('onAuthExpired');
+    onAuthExpired: settings => {
+      console.log('onAuthExpired', settings);
+      // return false; // prevent redirect to logoutUrl
     },
-    // TODO: define luigi-client api for getting errors
-    onAuthError: err => {
-      console.log('authErrorHandler 1', err);
+    onAuthError: (settings, err) => {
+      console.log('authErrorHandler 1', err, settings);
+      // return false; // prevent redirect to logoutUrl, but go to /
     }
   };
 }
diff --git a/core/examples/luigi-sample-vue/package-lock.json b/core/examples/luigi-sample-vue/package-lock.json
index a9bd8f1d13..c124edd8d7 100644
--- a/core/examples/luigi-sample-vue/package-lock.json
+++ b/core/examples/luigi-sample-vue/package-lock.json
@@ -5611,7 +5611,8 @@
         "ansi-regex": {
           "version": "2.1.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "aproba": {
           "version": "1.2.0",
@@ -5632,12 +5633,14 @@
         "balanced-match": {
           "version": "1.0.0",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "brace-expansion": {
           "version": "1.1.11",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "balanced-match": "^1.0.0",
             "concat-map": "0.0.1"
@@ -5652,17 +5655,20 @@
         "code-point-at": {
           "version": "1.1.0",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "concat-map": {
           "version": "0.0.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "console-control-strings": {
           "version": "1.1.0",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "core-util-is": {
           "version": "1.0.2",
@@ -5779,7 +5785,8 @@
         "inherits": {
           "version": "2.0.3",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "ini": {
           "version": "1.3.5",
@@ -5791,6 +5798,7 @@
           "version": "1.0.0",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "number-is-nan": "^1.0.0"
           }
@@ -5805,6 +5813,7 @@
           "version": "3.0.4",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "brace-expansion": "^1.1.7"
           }
@@ -5812,12 +5821,14 @@
         "minimist": {
           "version": "0.0.8",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "minipass": {
           "version": "2.2.4",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "safe-buffer": "^5.1.1",
             "yallist": "^3.0.0"
@@ -5836,6 +5847,7 @@
           "version": "0.5.1",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "minimist": "0.0.8"
           }
@@ -5916,7 +5928,8 @@
         "number-is-nan": {
           "version": "1.0.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "object-assign": {
           "version": "4.1.1",
@@ -5928,6 +5941,7 @@
           "version": "1.4.0",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "wrappy": "1"
           }
@@ -6013,7 +6027,8 @@
         "safe-buffer": {
           "version": "5.1.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "safer-buffer": {
           "version": "2.1.2",
@@ -6049,6 +6064,7 @@
           "version": "1.0.2",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "code-point-at": "^1.0.0",
             "is-fullwidth-code-point": "^1.0.0",
@@ -6068,6 +6084,7 @@
           "version": "3.0.1",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "ansi-regex": "^2.0.0"
           }
@@ -6111,12 +6128,14 @@
         "wrappy": {
           "version": "1.0.2",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "yallist": {
           "version": "3.0.2",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         }
       }
     },
diff --git a/core/package-lock.json b/core/package-lock.json
index b73baac06b..471ac47b4c 100644
--- a/core/package-lock.json
+++ b/core/package-lock.json
@@ -1647,7 +1647,7 @@
     },
     "buffer": {
       "version": "4.9.1",
-      "resolved": "https://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
+      "resolved": "http://registry.npmjs.org/buffer/-/buffer-4.9.1.tgz",
       "integrity": "sha1-bRu2AbB6TvztlwlBMgkwJ8lbwpg=",
       "dev": true,
       "requires": {
@@ -3228,7 +3228,8 @@
         "ansi-regex": {
           "version": "2.1.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "aproba": {
           "version": "1.2.0",
@@ -3249,12 +3250,14 @@
         "balanced-match": {
           "version": "1.0.0",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "brace-expansion": {
           "version": "1.1.11",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "balanced-match": "^1.0.0",
             "concat-map": "0.0.1"
@@ -3269,17 +3272,20 @@
         "code-point-at": {
           "version": "1.1.0",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "concat-map": {
           "version": "0.0.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "console-control-strings": {
           "version": "1.1.0",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "core-util-is": {
           "version": "1.0.2",
@@ -3396,7 +3402,8 @@
         "inherits": {
           "version": "2.0.3",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "ini": {
           "version": "1.3.5",
@@ -3408,6 +3415,7 @@
           "version": "1.0.0",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "number-is-nan": "^1.0.0"
           }
@@ -3422,6 +3430,7 @@
           "version": "3.0.4",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "brace-expansion": "^1.1.7"
           }
@@ -3429,12 +3438,14 @@
         "minimist": {
           "version": "0.0.8",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "minipass": {
           "version": "2.3.5",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "safe-buffer": "^5.1.2",
             "yallist": "^3.0.0"
@@ -3453,6 +3464,7 @@
           "version": "0.5.1",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "minimist": "0.0.8"
           }
@@ -3533,7 +3545,8 @@
         "number-is-nan": {
           "version": "1.0.1",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "object-assign": {
           "version": "4.1.1",
@@ -3545,6 +3558,7 @@
           "version": "1.4.0",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "wrappy": "1"
           }
@@ -3630,7 +3644,8 @@
         "safe-buffer": {
           "version": "5.1.2",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "safer-buffer": {
           "version": "2.1.2",
@@ -3666,6 +3681,7 @@
           "version": "1.0.2",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "code-point-at": "^1.0.0",
             "is-fullwidth-code-point": "^1.0.0",
@@ -3685,6 +3701,7 @@
           "version": "3.0.1",
           "bundled": true,
           "dev": true,
+          "optional": true,
           "requires": {
             "ansi-regex": "^2.0.0"
           }
@@ -3728,12 +3745,14 @@
         "wrappy": {
           "version": "1.0.2",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         },
         "yallist": {
           "version": "3.0.3",
           "bundled": true,
-          "dev": true
+          "dev": true,
+          "optional": true
         }
       }
     },
@@ -3845,7 +3864,7 @@
       "dependencies": {
         "axios": {
           "version": "0.15.3",
-          "resolved": "https://registry.npmjs.org/axios/-/axios-0.15.3.tgz",
+          "resolved": "http://registry.npmjs.org/axios/-/axios-0.15.3.tgz",
           "integrity": "sha1-LJ1jiy4ZGgjqHWzJiOrda6W9wFM=",
           "dev": true,
           "requires": {
@@ -5301,7 +5320,7 @@
     },
     "mkdirp": {
       "version": "0.5.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
+      "resolved": "http://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
       "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
       "dev": true,
       "requires": {
@@ -11643,7 +11662,7 @@
     },
     "wrap-ansi": {
       "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
+      "resolved": "http://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
       "integrity": "sha1-2Pw9KE3QV5T+hJc8rs3Rz4JP3YU=",
       "dev": true,
       "requires": {
diff --git a/core/package.json b/core/package.json
index 3876142ff0..9a856293e6 100644
--- a/core/package.json
+++ b/core/package.json
@@ -41,7 +41,7 @@
     "test": "babel-node ./node_modules/nyc/bin/nyc.js mocha -- --recursive test",
     "test:watch": "npm run test -- --watch",
     "bundlesize": "npm run bundle && bundlesize",
-    "prepush": "npm test"
+    "prepush": "../scripts/remove-test-prefixes.sh && npm test"
   },
   "bundlesize": [
     {
diff --git a/core/src/App.html b/core/src/App.html
index 7187aae071..a6f92c122b 100644
--- a/core/src/App.html
+++ b/core/src/App.html
@@ -55,7 +55,7 @@
   import ConfirmationModal from './ConfirmationModal.html';
   import Alerts from './Alerts.html';
   import Modal from './Modal.html';
-  import { LuigiConfig } from './services/config.js';
+  import { LuigiConfig } from './core-api';
   import * as Routing from './services/routing.js';
   import * as Navigation from './navigation/services/navigation.js';
   import * as Iframe from './services/iframe';
diff --git a/core/src/Authorization.html b/core/src/Authorization.html
index 746161a556..b4fd0d1cda 100644
--- a/core/src/Authorization.html
+++ b/core/src/Authorization.html
@@ -63,7 +63,7 @@
 </nav>
 {/if}
 <script type="text/javascript">
-  import { LuigiConfig } from './services/config.js';
+  import { LuigiAuth, LuigiConfig } from './core-api';
   import * as GenericHelpers from './utilities/helpers/generic-helpers.js';
   import * as Routing from './services/routing';
   import * as AuthHelpers from './utilities/helpers/auth-helpers';
@@ -106,7 +106,7 @@
     if (customIdpProvider) {
       ['login'].forEach(requiredFnName => {
         if (!GenericHelpers.isFunction(customIdpProvider[requiredFnName])) {
-          throw new IdpProviderException(
+          throw IdpProviderException(
             `${requiredFnName} function does not exist in custom IDP Provider ${idpProviderName}`
           );
         }
@@ -115,7 +115,7 @@
       return new customIdpProvider(idpProviderSettings);
     }
 
-    throw new IdpProviderException(
+    throw IdpProviderException(
       `IDP Provider ${idpProviderName} does not exist.`
     );
   };
@@ -127,21 +127,39 @@
         profileNav: { logout: {}, items: [] }
       };
     },
-    oncreate() {
-      if (!LuigiConfig.isAuthorizationEnabled()) {
+    async oncreate() {
+      if (!LuigiAuth.isAuthorizationEnabled()) {
         return;
       }
+
       const idpProviderName = LuigiConfig.getConfigValue('auth.use');
       const idpProviderSettings = LuigiConfig.getConfigValue(
         `auth.${idpProviderName}`
       );
-      const checkAuth = () => {
+
+      const checkAuth = async idpProviderSettings => {
         const authData = AuthHelpers.getStoredAuthData();
         if (!authData || !isAuthValid()) {
           if (LuigiConfig.getConfigValue('auth.disableAutoLogin')) {
             return;
           }
-          this.startAuthorization();
+
+          /**
+           * onAuthExpired
+           * If onAuthExpired exists, it will be evaluated.
+           * Continues with the standard authorization flow,
+           * if `onAuthExpired` it returns undefined or truthy value.
+           */
+          let startAuth = true;
+          if (authData) {
+            startAuth = await LuigiAuth.handleAuthEvent(
+              'onAuthExpired',
+              idpProviderSettings
+            );
+          }
+          if (startAuth) {
+            this.startAuthorization();
+          }
           return;
         }
 
@@ -166,12 +184,17 @@
             this.set({ isLoggedIn: true });
           }
         }
-        const onAuthSuccessfulFn = LuigiConfig.getConfigValue(
-          'auth.events.onAuthSuccessful'
+
+        const hasAuthSuccessFulFn = GenericHelpers.isFunction(
+          LuigiConfig.getConfigValue('auth.events.onAuthSuccessful')
         );
-        if (onAuthSuccessfulFn && newlyAuthorized()) {
+        if (hasAuthSuccessFulFn && newlyAuthorized()) {
           localStorage.removeItem('luigi.newlyAuthorized');
-          onAuthSuccessfulFn(authData);
+          await LuigiAuth.handleAuthEvent(
+            'onAuthSuccessful',
+            idpProviderSettings,
+            authData
+          );
         }
 
         if (
@@ -183,6 +206,21 @@
         }
       };
 
+      /**
+       * Prevent IDP Provider initialization, if an error is present
+       * in the url params and onAuthError is defined in the user config.
+       * errors are represented by `error` and `errorDescription` param.
+       */
+      const urlAuthError = this.get().urlAuthError || {};
+      const noError = await AuthHelpers.handleUrlAuthErrors(
+        idpProviderSettings,
+        urlAuthError.error,
+        urlAuthError.errorDescription
+      );
+      if (!noError) {
+        return;
+      }
+
       idpProviderInstance = getIdpProviderInstance(
         idpProviderName,
         idpProviderSettings
@@ -191,7 +229,7 @@
         return idpProviderInstance
           .then(resolved => {
             idpProviderInstance = resolved;
-            checkAuth();
+            checkAuth(idpProviderSettings);
           })
           .catch(err => {
             console.error(
@@ -199,7 +237,7 @@
             );
           });
       }
-      checkAuth();
+      checkAuth(idpProviderSettings);
     },
     helpers: {
       hasOpenUIicon(node) {
@@ -241,12 +279,13 @@
       logout: function() {
         const authData = AuthHelpers.getStoredAuthData();
 
-        const logoutCallback = () => {
-          const onLogoutFn = LuigiConfig.getConfigValue('auth.events.onLogout');
-          if (onLogoutFn) {
-            onLogoutFn();
-          }
-
+        const logoutCallback = async redirectUrl => {
+          await LuigiAuth.handleAuthEvent(
+            'onLogout',
+            idpProviderInstance.settings,
+            undefined,
+            redirectUrl
+          );
           this.set({ isLoggedIn: false });
           localStorage.removeItem('luigi.auth');
         };
@@ -263,8 +302,7 @@
         } else if (GenericHelpers.isFunction(idpProviderInstance.logout)) {
           idpProviderInstance.logout(authData, logoutCallback);
         } else {
-          logoutCallback();
-          window.location.href = idpProviderInstance.settings.logoutUrl;
+          logoutCallback(idpProviderInstance.settings.logoutUrl);
         }
       }
     },
diff --git a/core/src/Backdrop.html b/core/src/Backdrop.html
index 00219b8fdb..fcdba7162d 100644
--- a/core/src/Backdrop.html
+++ b/core/src/Backdrop.html
@@ -1,7 +1,9 @@
-<div class="{backdropClass}" aria-hidden="false"><slot></slot></div>
+<div class="{backdropClass}" aria-hidden="false">
+  <slot></slot>
+</div>
 
 <script type="text/javascript">
-  import { LuigiConfig } from './services/config.js';
+  import { LuigiConfig } from './core-api';
   import * as iFrameHelpers from './utilities/helpers/iframe-helpers.js';
   export default {
     data() {
@@ -17,7 +19,7 @@
       if (!backdropDisabled) {
         this.setBackdropClass();
         window.addEventListener('message', e => {
-          if(!this.root.getValidMessageSource(e)) return;
+          if (!this.root.getValidMessageSource(e)) return;
           if ('luigi.add-backdrop' === e.data.msg) {
             this.set({ backdropActive: true });
           }
diff --git a/core/src/Modal.html b/core/src/Modal.html
index b27c193e59..bf0e5d1de0 100644
--- a/core/src/Modal.html
+++ b/core/src/Modal.html
@@ -18,9 +18,9 @@ <h1 class="fd-modal__title">{modalSettings.title}</h1>
 <script>
   import * as Navigation from './navigation/services/navigation';
   import * as RoutingHelpers from './utilities/helpers/routing-helpers';
-  import { LuigiConfig } from './services/config';
+  import { LuigiConfig } from './core-api';
   import * as GenericHelpers from './utilities/helpers/generic-helpers';
-  import {createIframe} from './utilities/helpers/iframe-helpers';
+  import { createIframe } from './utilities/helpers/iframe-helpers';
 
   const prepareNodeData = async (component, path) => {
     const pathUrlRaw =
diff --git a/core/src/auth/oauth2/callback.html b/core/src/auth/oauth2/callback.html
index aa46d754f3..22dfe85d98 100644
--- a/core/src/auth/oauth2/callback.html
+++ b/core/src/auth/oauth2/callback.html
@@ -1,77 +1,81 @@
-<!DOCTYPE html>
+<!doctype html>
 <html>
-  <head>
-    <meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
-    <script type="text/javascript">
-      var tokenLifetimeDays = 7;
-      var allPossibilitiesOfHashSlashes = '([^#/?=&]+)(=([^&]*))?';
+<head>
+  <meta http-equiv="Content-type" content="text/html;charset=UTF-8">
+  <script type="text/javascript">
+  var tokenLifetimeDays = 7;
+  var allPossibilitiesOfHashSlashes = '([^#/?=&]+)(=([^&]*))?';
 
-      var getHashParams = function(uri) {
-        var hashParams = {};
-        uri.replace(new RegExp(allPossibilitiesOfHashSlashes, 'g'), function(
-          $0,
-          $1,
-          $2,
-          $3
-        ) {
-          hashParams[$1] = $3;
-        });
-        return hashParams;
-      };
+  var getHashParams = function(uri) {
+    var hashParams = {};
+    uri.replace(new RegExp(allPossibilitiesOfHashSlashes, 'g'), function(
+      $0,
+      $1,
+      $2,
+      $3
+    ) {
+      hashParams[$1] = $3;
+    });
+    return hashParams;
+  };
 
-      var processExpDate = function(expiresInString) {
-        var expirationDate;
-        var expiresIn = Number(expiresInString);
-        if (!isNaN(expiresIn) && expiresIn > 0) {
-          var nsToMsMultiplier = 1000;
-          expirationDate =
-            Number(new Date()) +
-            nsToMsMultiplier * (expiresIn - tokenLifetimeDays);
-        }
-        return expirationDate;
-      };
-    </script>
-  </head>
+  var processExpDate = function(expiresInString) {
+    var expirationDate;
+    var expiresIn = Number(expiresInString);
+    if (!isNaN(expiresIn) && expiresIn > 0) {
+      var nsToMsMultiplier = 1000;
+      expirationDate =
+        Number(new Date()) + nsToMsMultiplier * (expiresIn - tokenLifetimeDays);
+    }
+    return expirationDate;
+  };
+  </script>
+</head>
 
-  <body>
-    <script type="text/javascript">
-      var encodeURIComponent = function(val) {
-        return val;
-      }; // Possibly just making some tool happy
-      var uri = encodeURIComponent(window.location.href);
-      var hashParams = getHashParams(uri);
-      if (hashParams && (hashParams['access_token'] || hashParams['error'])) {
-        var error = hashParams['error'];
-        if (!error) {
-          var data = {
-            accessToken: hashParams['access_token'],
-            accessTokenExpirationDate: processExpDate(hashParams['expires_in']),
-            scope: hashParams['scope'],
-            idToken: hashParams['id_token']
-          };
-          localStorage.setItem('luigi.auth', JSON.stringify(data));
+<body>
+  <script type="text/javascript">
+  var encodeURIComponent = function(val) {
+    return val;
+  }; // Possibly just making some tool happy
+  var uri = encodeURIComponent(window.location.href);
+  var hashParams = getHashParams(uri);
+  if (hashParams && (hashParams['access_token'] || hashParams['error'])) {
+    var error = hashParams['error'];
+    if (!error) {
+      var data = {
+        accessToken: hashParams['access_token'],
+        accessTokenExpirationDate: processExpDate(hashParams['expires_in']),
+        scope: hashParams['scope'],
+        idToken: hashParams['id_token']
+      };
 
-          var decodedState = atob(
-            decodeURIComponent(hashParams['state'])
-          ).split('_luigiNonce=');
-          var appState = decodedState[0] || '';
-          var nonce = decodedState[1];
+      // TODO:
+      localStorage.setItem('luigi.auth', JSON.stringify(data));
+      localStorage.setItem('luigi.newlyAuthorized', true);
 
-          if (nonce !== sessionStorage.getItem('luigi.nonceValue')) {
-            document.getElementsByTagName('body')[0].innerHTML =
-              'Something went wrong. Try to log in again.';
-            throw new Error(
-              'State parameter returned from the authorization endpoint does not match locally stored state. Aborting login process.'
-            );
-          }
+      var decodedState = atob(decodeURIComponent(hashParams['state'])).split(
+        '_luigiNonce='
+      );
+      var appState = decodedState[0] || '';
+      var nonce = decodedState[1];
 
-          window.location.href = appState;
-        } else {
-          // else tree only applies to idtoken auths, I guess
-          var errorDescription = hashParams['error_description'];
-          console.error('error', errorDescription);
-        }
+      if (nonce !== sessionStorage.getItem('luigi.nonceValue')) {
+        document.getElementsByTagName('body')[0].innerHTML =
+          'Something went wrong. Try to log in again.';
+        throw new Error(
+          'State parameter returned from the authorization endpoint does not match locally stored state. Aborting login process.'
+        );
       }
-    </script>
-  </body>
+
+      window.location.href = appState;
+    } else {
+      // else tree only applies to idtoken auths, I guess
+      var errorDescription = hashParams['error_description'];
+      console.error('error', errorDescription);
+      window.location.href =
+        '/?error=' + error + '&errorDescription=' + errorDescription;
+    }
+  }
+  </script>
+</body>
 </html>
diff --git a/core/src/core-api/auth.js b/core/src/core-api/auth.js
new file mode 100644
index 0000000000..9eab4c9b79
--- /dev/null
+++ b/core/src/core-api/auth.js
@@ -0,0 +1,41 @@
+// import * as AsyncHelpers from '../utilities/helpers/async-helpers';
+// import * as GenericHelpers from '../utilities/helpers/generic-helpers';
+import { config } from './config';
+
+class LuigiAuthManager {
+  constructor() {}
+
+  /*
+   * Detects if authorization is enabled via configuration.
+   * @returns {boolean} returns true if authorization is enabled. Otherwise returns false.
+   */
+  isAuthorizationEnabled() {
+    const idpProviderName = config.getConfigValue('auth.use');
+    const idpProviderSettings = config.getConfigValue(
+      `auth.${idpProviderName}`
+    );
+    return !!idpProviderSettings;
+  }
+
+  async handleAuthEvent(
+    eventName,
+    providerInstanceSettings,
+    data,
+    redirectUrl
+  ) {
+    const result = await config.executeConfigFnAsync(
+      'auth.events.' + eventName,
+      false,
+      providerInstanceSettings,
+      data
+    );
+    let redirect = result === undefined || !!result;
+    if (redirect && redirectUrl) {
+      window.location.href = redirectUrl;
+      return;
+    }
+    return redirect;
+  }
+}
+
+export const auth = new LuigiAuthManager();
diff --git a/core/src/services/config.js b/core/src/core-api/config.js
similarity index 73%
rename from core/src/services/config.js
rename to core/src/core-api/config.js
index eb46a1f838..a39343dd24 100644
--- a/core/src/services/config.js
+++ b/core/src/core-api/config.js
@@ -1,5 +1,6 @@
 import * as AsyncHelpers from '../utilities/helpers/async-helpers';
 import * as GenericHelpers from '../utilities/helpers/generic-helpers';
+import { auth } from './auth';
 
 class LuigiConfigManager {
   constructor() {
@@ -86,19 +87,36 @@ class LuigiConfigManager {
     );
   }
 
+  /*
+   * Executes the function of the given property on the Luigi config object.
+   * Fails if property is not a function.
+   *
+   * If the value is a Function it is called (with the given parameters) and the result of that call is the value.
+   * If the value is not a Promise it is wrapped to a Promise so that the returned value is definitely a Promise.
+   */
+  async executeConfigFnAsync(property, throwError = false, ...parameters) {
+    const fn = this.getConfigValue(property);
+    if (GenericHelpers.isFunction(fn)) {
+      try {
+        return await AsyncHelpers.applyFunctionPromisified(fn, parameters);
+      } catch (error) {
+        if (throwError) {
+          return Promise.reject(error);
+        }
+      }
+    }
+
+    // Promise.reject(property + ' is not a function.');
+    return Promise.resolve(undefined);
+  }
   /*
    * Detects if authorization is enabled via configuration.
    * @returns {boolean} returns true if authorization is enabled. Otherwise returns false.
+   * @deprecated now located in Luigi.authManager instead of LuigiConfig
    */
   isAuthorizationEnabled() {
-    const idpProviderName = this.getConfigValue('auth.use');
-    const idpProviderSettings = this.getConfigValue(`auth.${idpProviderName}`);
-    return !!idpProviderSettings;
+    return auth.isAuthorizationEnabled();
   }
 }
-const LuigiInstance = new LuigiConfigManager();
-
-// Expose it window for user app to call Luigi.setConfig()
-window.Luigi = LuigiInstance;
 
-export const LuigiConfig = LuigiInstance;
+export const config = new LuigiConfigManager();
diff --git a/core/src/core-api/index.js b/core/src/core-api/index.js
new file mode 100644
index 0000000000..8662fd3594
--- /dev/null
+++ b/core/src/core-api/index.js
@@ -0,0 +1,11 @@
+import { config } from './config';
+import { auth } from './auth';
+
+export const LuigiConfig = config;
+export const LuigiAuth = auth;
+
+// Expose it window for user app to call Luigi.setConfig()
+window.Luigi = Object.assign(
+  config,
+  auth
+);
diff --git a/core/src/main.js b/core/src/main.js
index 1de260cf68..e8979fa620 100644
--- a/core/src/main.js
+++ b/core/src/main.js
@@ -1,6 +1,6 @@
 import App from './App.html';
 import { authLibraries } from './providers/auth/libraryLoaders';
-import { LuigiConfig } from './services/config';
+import { LuigiConfig } from './core-api';
 
 const configReadyCallback = () => {
   const authLib = LuigiConfig.getConfigValue('auth.use');
diff --git a/core/src/navigation/ContextSwitcher.html b/core/src/navigation/ContextSwitcher.html
index 404dc9abfb..e12d369417 100644
--- a/core/src/navigation/ContextSwitcher.html
+++ b/core/src/navigation/ContextSwitcher.html
@@ -67,7 +67,7 @@
 {/if}
 <script type="text/javascript">
   import { ContextSwitcherHelpers } from './services/context-switcher.js';
-  import { LuigiConfig } from '../services/config.js';
+  import { LuigiConfig } from '../core-api';
   import * as Helpers from '../utilities/helpers/generic-helpers.js';
   import * as Routing from '../services/routing.js';
   import * as RoutingHelpers from '../utilities/helpers/routing-helpers';
diff --git a/core/src/navigation/LeftNav.html b/core/src/navigation/LeftNav.html
index f06ab171c2..a4920d64f5 100644
--- a/core/src/navigation/LeftNav.html
+++ b/core/src/navigation/LeftNav.html
@@ -148,7 +148,7 @@
 <script type="text/javascript">
   import * as Navigation from './services/navigation.js';
   import * as NavigationHelpers from '../utilities/helpers/navigation-helpers';
-  import { LuigiConfig } from '../services/config.js';
+  import { LuigiConfig } from '../core-api';
 
   const setLeftNavData = async (current, component) => {
     const componentData = component.get();
diff --git a/core/src/navigation/LogoTitle.html b/core/src/navigation/LogoTitle.html
index dac876733c..d0c78260d9 100644
--- a/core/src/navigation/LogoTitle.html
+++ b/core/src/navigation/LogoTitle.html
@@ -47,7 +47,7 @@
 {/if}
 <script type="text/javascript">
   import * as Header from './services/header.js';
-  import { LuigiConfig } from '../services/config.js';
+  import { LuigiConfig } from '../core-api';
   import { processHeaderSettings } from './services/header.js';
   import * as Routing from '../services/routing.js';
 
diff --git a/core/src/navigation/ProductSwitcher.html b/core/src/navigation/ProductSwitcher.html
index e228387b1b..d520457073 100644
--- a/core/src/navigation/ProductSwitcher.html
+++ b/core/src/navigation/ProductSwitcher.html
@@ -94,7 +94,7 @@ <h1 class="fd-modal__title">My Products</h1>
 {/if}
 {/if}
 <script type="text/javascript">
-  import { LuigiConfig } from '../services/config.js';
+  import { LuigiConfig } from '../core-api';
   import * as Routing from '../services/routing.js';
   export default {
     async oncreate() {
diff --git a/core/src/navigation/TopNav.html b/core/src/navigation/TopNav.html
index f54e8ee4a1..a8ef941fac 100644
--- a/core/src/navigation/TopNav.html
+++ b/core/src/navigation/TopNav.html
@@ -1,4 +1,4 @@
-<svelte:window on:click="closeAllDropdowns()" on:blur="closeAllDropdowns()"/>
+<svelte:window on:click="closeAllDropdowns()" on:blur="closeAllDropdowns()" />
 {#if showTopNav}
 <div class="fd-shellbar {hideNavComponent ? 'hideNavComponent' : ''}">
   <div class="fd-shellbar__group fd-shellbar__group--start">
@@ -32,7 +32,8 @@
           aria-haspopup="true"
           on:click="handleClick(node)"
         >
-          {#if node.icon} {#if hasOpenUIicon(node)}
+          {#if node.icon}
+          {#if hasOpenUIicon(node)}
           <span
             class="fd-top-nav__icon sap-icon--{node.icon} sap-icon--m"
           ></span>
@@ -42,14 +43,17 @@
             src="{node.icon}"
           >
           {/if}
+          <!-- end hasOpenUIicon-->
           {:else}
           <span>{node.label}</span>
           {/if}
+          <!-- end node.icon -->
           {#if node.externalLink && node.externalLink.url}
           <span
             class="sap-icon--action sap-icon--s"
           ></span>
           {/if}
+          <!-- end node.externallLink.url -->
         </button>
       </div>
       {/if}
@@ -173,6 +177,7 @@
                 <Authorization
                   on:toggleDropdownState="toggleDropdownState('profilePopover')"
                   on:userInfoUpdated="userInfoUpdate(event)"
+                  {urlAuthError}
                 />
               </div>
             </div>
@@ -195,6 +200,7 @@
   on:toggleDropdownState="toggleDropdownState('profilePopover')"
   on:userInfoUpdated="userInfoUpdate(event)"
   isHidden="{true}"
+  {urlAuthError}
 />
 {/if}
 <script type="text/javascript">
@@ -202,7 +208,7 @@
   import LogoTitle from './LogoTitle.html';
   import Authorization from '../Authorization.html';
   import ProductSwitcher from './ProductSwitcher.html';
-  import { LuigiConfig } from '../services/config.js';
+  import { LuigiAuth, LuigiConfig } from '../core-api';
   import * as Routing from '../services/routing';
   import * as Navigation from './services/navigation.js';
   import * as NavigationHelpers from '../utilities/helpers/navigation-helpers';
@@ -242,7 +248,7 @@
   export default {
     oncreate() {
       this.set({
-        authorizationEnabled: LuigiConfig.isAuthorizationEnabled(),
+        authorizationEnabled: LuigiAuth.isAuthorizationEnabled(),
         autologinEnabled: !Boolean(
           LuigiConfig.getConfigValue('auth.disableAutoLogin')
         ),
@@ -254,7 +260,8 @@
         ),
         responsiveNavSetting: LuigiConfig.getConfigValue(
           'settings.responsiveNavigation'
-        )
+        ),
+        urlAuthError: AuthHelpers.parseUrlAuthErrors()
       });
     },
     onstate({ changed, current, previous }) {
diff --git a/core/src/navigation/services/header.js b/core/src/navigation/services/header.js
index c1434785fd..b5ce3a7c5e 100644
--- a/core/src/navigation/services/header.js
+++ b/core/src/navigation/services/header.js
@@ -1,4 +1,4 @@
-import { LuigiConfig } from '../../services/config.js';
+import { LuigiConfig } from '../../core-api';
 
 export const processHeaderSettings = component => {
   return LuigiConfig.getConfigValueAsync('settings.header').then(header => {
diff --git a/core/src/providers/auth/oAuth2ImplicitGrant.js b/core/src/providers/auth/oAuth2ImplicitGrant.js
index f75cdc44e4..eb98dfc7c2 100644
--- a/core/src/providers/auth/oAuth2ImplicitGrant.js
+++ b/core/src/providers/auth/oAuth2ImplicitGrant.js
@@ -1,4 +1,5 @@
 import * as GenericHelpers from '../../utilities/helpers/generic-helpers.js';
+import { LuigiAuth } from '../../core-api';
 
 export class oAuth2ImplicitGrant {
   constructor(settings = {}) {
@@ -97,7 +98,7 @@ export class oAuth2ImplicitGrant {
     });
   }
 
-  logout(authData, logoutCallback) {
+  logout(authData, authEventLogoutFn) {
     const settings = this.settings;
     const logouturl = `${settings.logoutUrl}?id_token_hint=${
       authData.idToken
@@ -106,9 +107,9 @@ export class oAuth2ImplicitGrant {
     }&post_logout_redirect_uri=${GenericHelpers.prependOrigin(
       settings.post_logout_redirect_uri
     )}`;
-    logoutCallback && logoutCallback();
+    authEventLogoutFn && authEventLogoutFn();
 
-    setTimeout(function() {
+    setTimeout(() => {
       window.location.href = logouturl;
     });
   }
@@ -117,20 +118,31 @@ export class oAuth2ImplicitGrant {
     const expirationCheckInterval = 5000;
     const logoutBeforeExpirationTime = 60000;
 
-    setInterval(() => {
+    const expirationCheckIntervalInstance = setInterval(() => {
       let authData = this.getAuthData();
+      if (!authData) {
+        return clearInterval(expirationCheckIntervalInstance);
+      }
       const tokenExpirationDate = authData
         ? authData.accessTokenExpirationDate || 0
         : 0;
       const currentDate = new Date();
 
       if (tokenExpirationDate - currentDate - logoutBeforeExpirationTime < 0) {
+        clearInterval(expirationCheckIntervalInstance);
         localStorage.removeItem('luigi.auth');
-        window.location = `${
+        // TODO: check if valid (mock-auth requires it), post_logout_redirect_uri is an assumption, might not be available for all auth providers
+        const redirectUrl = `${
           this.settings.logoutUrl
-        }?reason=tokenExpired&post_logout_redirect_uri=${GenericHelpers.prependOrigin(
+        }?error=tokenExpired&post_logout_redirect_uri=${GenericHelpers.prependOrigin(
           this.settings.post_logout_redirect_uri
         )}`;
+        LuigiAuth.handleAuthEvent(
+          'onAuthExpired',
+          this.settings,
+          undefined,
+          redirectUrl
+        );
       }
     }, expirationCheckInterval);
   }
diff --git a/core/src/providers/auth/openIdConnect.js b/core/src/providers/auth/openIdConnect.js
index 4ba7c13696..88623f63e4 100644
--- a/core/src/providers/auth/openIdConnect.js
+++ b/core/src/providers/auth/openIdConnect.js
@@ -1,6 +1,7 @@
 import * as GenericHelpers from '../../utilities/helpers/generic-helpers';
 import * as AsyncHelpers from '../../utilities/helpers/async-helpers';
 import { thirdPartyCookiesStatus } from '../../utilities/third-party-cookies-check';
+import { LuigiAuth } from '../../core-api';
 
 export class openIdConnect {
   constructor(settings = {}) {
@@ -63,8 +64,8 @@ export class openIdConnect {
     });
   }
 
-  logout(authData, callback) {
-    callback();
+  logout(authData, authOnLogoutFn) {
+    authOnLogoutFn();
     window.location.href = this.settings.logoutUrl;
     // TODO: dex logout is not yet supported
     // const signoutData = {
@@ -82,7 +83,12 @@ export class openIdConnect {
   setTokenExpirationAction() {
     if (!this.settings.automaticSilentRenew) {
       this.client.events.addAccessTokenExpired(() => {
-        window.location = this.settings.logoutUrl + '?reason=tokenExpired';
+        LuigiAuth.handleAuthEvent(
+          'onAuthExpired',
+          this.settings,
+          undefined,
+          this.settings.logoutUrl + '?error=tokenExpired'
+        );
       });
     }
 
@@ -94,23 +100,27 @@ export class openIdConnect {
     }
 
     this.client.events.addSilentRenewError(e => {
+      let redirectUrl;
       switch (e.message) {
         case 'interaction_required':
         case 'login_required':
         case 'account_selection_required':
         case 'consent_required': // possible cause: disabled third party cookies in the browser
-          window.location.href =
+          redirectUrl =
             this.settings.logoutUrl +
-            '?reason=tokenExpired&thirdPartyCookies=' +
+            '?error=tokenExpired&thirdPartyCookies=' +
             thirdPartyCookiesStatus() +
-            '&error=' +
+            '&errorDescription=' +
             e.message;
           break;
         default:
           console.error(e);
-          window.location.href =
-            this.settings.logoutUrl + '?reason=tokenExpired&error=' + e.message;
+          redirectUrl =
+            this.settings.logoutUrl +
+            '?error=tokenExpired&errorDescription=' +
+            e.message;
       }
+      LuigiAuth.handleAuthEvent('onAuthError', this.settings, e, redirectUrl);
     });
   }
 
@@ -167,7 +177,12 @@ export class openIdConnect {
         .catch(err => {
           console.error(err);
           localStorage.removeItem('luigi.auth');
-          window.location.href = this.settings.logoutUrl + '?reason=loginError';
+          LuigiAuth.handleAuthEvent(
+            'onAuthExpired',
+            this.settings,
+            err,
+            this.settings.logoutUrl + '?error=loginError'
+          );
         });
     });
   }
diff --git a/core/src/services/iframe.js b/core/src/services/iframe.js
index 78334ee3bf..5cd01c91bd 100644
--- a/core/src/services/iframe.js
+++ b/core/src/services/iframe.js
@@ -4,7 +4,7 @@ import * as IframeHelpers from '../utilities/helpers/iframe-helpers';
 import * as GenericHelpers from '../utilities/helpers/generic-helpers';
 import * as RoutingHelpers from '../utilities/helpers/routing-helpers';
 import { createIframe } from '../utilities/helpers/iframe-helpers';
-import { LuigiConfig } from './config';
+import { LuigiConfig } from '../core-api';
 
 const iframeNavFallbackTimeout = 2000;
 let timeoutHandle;
diff --git a/core/src/services/routing.js b/core/src/services/routing.js
index 77c28bd148..917eb9fd8a 100644
--- a/core/src/services/routing.js
+++ b/core/src/services/routing.js
@@ -2,7 +2,7 @@
 // Please consider adding any new methods to 'routing-helpers' if they don't require anything from this file.
 import * as Navigation from '../navigation/services/navigation';
 import * as RoutingHelpers from '../utilities/helpers/routing-helpers';
-import { LuigiConfig } from './config';
+import { LuigiConfig } from '../core-api';
 import * as GenericHelpers from '../utilities/helpers/generic-helpers';
 import * as Iframe from './iframe';
 import { NAVIGATION_DEFAULTS } from './../utilities/luigi-config-defaults';
diff --git a/core/src/utilities/helpers/async-helpers.js b/core/src/utilities/helpers/async-helpers.js
index b10d98bc90..0b2fe0465b 100644
--- a/core/src/utilities/helpers/async-helpers.js
+++ b/core/src/utilities/helpers/async-helpers.js
@@ -27,6 +27,28 @@ export const waitForKeyExistency = (
   });
 };
 
+export const wrapAsPromise = value => {
+  return new Promise(resolve => {
+    resolve(value);
+  });
+};
+
+/**
+ * Executes a function with a set of parameters
+ * and returns its value as promise
+ *
+ * @param {function} value  a function
+ * @param {array} args an array of arguments
+ * @returns {promise}
+ */
+export const applyFunctionPromisified = (fn, args) => {
+  fn = fn.apply(this, args);
+  if (GenericHelpers.isPromise(fn)) {
+    return fn;
+  }
+  return wrapAsPromise(fn);
+};
+
 /*
  * Gets value of the given property on the given object.
  * If the value is a Function it is called and the result of that call is the value.
@@ -39,12 +61,7 @@ export const getConfigValueFromObjectAsync = (
 ) => {
   let value = GenericHelpers.getConfigValueFromObject(object, property);
   if (GenericHelpers.isFunction(value)) {
-    value = value.apply(this, parameters);
-    if (GenericHelpers.isPromise(value)) {
-      return value;
-    }
+    return applyFunctionPromisified(value, parameters);
   }
-  return new Promise(resolve => {
-    resolve(value);
-  });
+  return wrapAsPromise(value);
 };
diff --git a/core/src/utilities/helpers/auth-helpers.js b/core/src/utilities/helpers/auth-helpers.js
index 9c4b4b00fd..878d064745 100644
--- a/core/src/utilities/helpers/auth-helpers.js
+++ b/core/src/utilities/helpers/auth-helpers.js
@@ -1,3 +1,6 @@
+import { LuigiAuth } from '../../core-api';
+import * as GenericHelpers from './generic-helpers';
+
 export const getStoredAuthData = () =>
   JSON.parse(localStorage.getItem('luigi.auth'));
 
@@ -7,3 +10,44 @@ export const isLoggedIn = () => {
     storedAuthData.accessTokenExpirationDate > Number(new Date());
   return storedAuthData && isAuthValid();
 };
+
+/**
+ * Checks if there is a error parameter in the url
+ * and returns error and error description
+ */
+export const parseUrlAuthErrors = () => {
+  const error = GenericHelpers.getUrlParameter('error');
+  const errorDescription = GenericHelpers.getUrlParameter('errorDescription');
+  if (error) {
+    return { error, errorDescription };
+  }
+  return;
+};
+/**
+ * Triggers onAuthError event with the found error
+ * and error parameters.
+ * @param {object} providerInstanceSettings
+ * @param {string} error
+ * @param {string} errorDescription
+ */
+export const handleUrlAuthErrors = async (
+  providerInstanceSettings,
+  error,
+  errorDescription
+) => {
+  if (error) {
+    return await LuigiAuth.handleAuthEvent(
+      'onAuthError',
+      providerInstanceSettings,
+      { error, errorDescription },
+      providerInstanceSettings.logoutUrl +
+        '?markus=test&post_logout_redirect_uri=' +
+        providerInstanceSettings.post_logout_redirect_uri +
+        '&error=' +
+        error +
+        '&errorDescription=' +
+        errorDescription
+    );
+  }
+  return true;
+};
diff --git a/core/src/utilities/helpers/generic-helpers.js b/core/src/utilities/helpers/generic-helpers.js
index f33cc5fa13..abc67d9768 100644
--- a/core/src/utilities/helpers/generic-helpers.js
+++ b/core/src/utilities/helpers/generic-helpers.js
@@ -73,6 +73,18 @@ export const getPathWithoutHash = path => {
   return path;
 };
 
+/**
+ * Returns the value of a given url parameter name
+ * @param {string} name
+ */
+export const getUrlParameter = (name) => {
+  name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
+  var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
+  var result = regex.exec(window.location.search);
+  return result && decodeURIComponent(result[1].replace(/\+/g, ' ')) || '';
+};
+
+
 /**
  * Prepend current url to redirect_uri, if it is a relative path
  * @param {path} string full url, relative or absolute path
@@ -173,9 +185,9 @@ export const replaceVars = (
         new RegExp(
           escapeRegExp(
             (parenthesis ? '{' : '') +
-              prefix +
-              entry[0] +
-              (parenthesis ? '}' : '')
+            prefix +
+            entry[0] +
+            (parenthesis ? '}' : '')
           ),
           'g'
         ),
diff --git a/core/src/utilities/helpers/navigation-helpers.js b/core/src/utilities/helpers/navigation-helpers.js
index bed0d5d188..7ec1129580 100644
--- a/core/src/utilities/helpers/navigation-helpers.js
+++ b/core/src/utilities/helpers/navigation-helpers.js
@@ -1,5 +1,5 @@
 // Helper methods for 'navigation.js' file. They don't require any method from 'navigation.js` but are required by them.
-import { LuigiConfig } from '../../services/config';
+import { LuigiAuth, LuigiConfig } from '../../core-api';
 import * as AuthHelpers from './auth-helpers';
 
 const EXP_CAT_KEY = 'luigi.preferences.navigation.expandedCategories';
@@ -9,7 +9,7 @@ export const isNodeAccessPermitted = (
   parentNode,
   currentContext
 ) => {
-  if (LuigiConfig.isAuthorizationEnabled()) {
+  if (LuigiAuth.isAuthorizationEnabled()) {
     const loggedIn = AuthHelpers.isLoggedIn();
     const anon = nodeToCheckPermissionFor.anonymousAccess;
 
diff --git a/core/src/utilities/helpers/routing-helpers.js b/core/src/utilities/helpers/routing-helpers.js
index e86064c0b1..c82451d9a2 100644
--- a/core/src/utilities/helpers/routing-helpers.js
+++ b/core/src/utilities/helpers/routing-helpers.js
@@ -1,6 +1,6 @@
 // Helper methods for 'routing.js' file. They don't require any method from 'routing.js' but are required by them.
 // They are also rarely used directly from outside of 'routing.js'
-import { LuigiConfig } from '../../services/config';
+import { LuigiConfig } from '../../core-api';
 import { sanitizeParam } from './escaping-helpers';
 import * as AsyncHelpers from './async-helpers';
 import * as GenericHelpers from './generic-helpers';
diff --git a/core/test/services/config.spec.js b/core/test/services/config.spec.js
index 04fe695134..0555f5c3bb 100644
--- a/core/test/services/config.spec.js
+++ b/core/test/services/config.spec.js
@@ -1,6 +1,9 @@
 const chai = require('chai');
 const assert = chai.assert;
-import { LuigiConfig } from '../../src/services/config';
+const sinon = require('sinon');
+
+import { LuigiConfig } from '../../src/core-api';
+const AsyncHelpers = require('../../src/utilities/helpers/async-helpers');
 
 describe('Config', () => {
   describe('getConfigBooleanValue', () => {
@@ -40,4 +43,85 @@ describe('Config', () => {
       );
     });
   });
+
+  describe('executeConfigFnAsync', () => {
+    it('returns correct value', async () => {
+      //given
+      LuigiConfig.config = {
+        truthyFn: (param1, param2) => 'value' + param1 + param2,
+        truthyFnAsync: (param1, param2) =>
+          Promise.resolve('value' + param1 + param2)
+      };
+
+      const resultTruthyFn = await LuigiConfig.executeConfigFnAsync(
+        'truthyFn',
+        false,
+        'foo',
+        'bar'
+      );
+      assert.equal(resultTruthyFn, 'valuefoobar');
+
+      const resultTruthyFnAsync = await LuigiConfig.executeConfigFnAsync(
+        'truthyFnAsync',
+        false,
+        'foo',
+        'bar'
+      );
+      assert.equal(resultTruthyFnAsync, 'valuefoobar');
+    });
+
+    it('returns undefined on non-existing fn', async () => {
+      //given
+      LuigiConfig.config = {};
+
+      const resultUndefined = await LuigiConfig.executeConfigFnAsync(
+        'not.existing.value'
+      );
+      assert.isUndefined(resultUndefined, 'async fn result is not undefined');
+    });
+
+    it('returns undefined on error/rejected promise', async () => {
+      //given
+      LuigiConfig.config = {
+        rejectFnAsync: (param1, param2) =>
+          Promise.reject(new Error('rejected')),
+        errFnAsync: (param1, param2) => {
+          throw new Error({
+            name: 'someError',
+            message: 'something went wrong'
+          });
+        }
+      };
+
+      const resultRejectFnAsync = await LuigiConfig.executeConfigFnAsync(
+        'rejectFnAsync'
+      );
+      assert.isUndefined(resultRejectFnAsync, 'rejection did not return');
+
+      const resultErrFnAsync = await LuigiConfig.executeConfigFnAsync(
+        'errFnAsync'
+      );
+      assert.isUndefined(resultErrFnAsync, 'error did not return');
+    });
+
+    it('throws an error if throwError flag is set', async () => {
+      sinon
+        .stub(AsyncHelpers, 'applyFunctionPromisified')
+        .returns(Promise.reject(new Error('rejected')));
+      //given
+      LuigiConfig.config = {
+        rejectFnAsync: (param1, param2) => {}
+      };
+
+      // second parameter throws an error and we want it to throw an error on failure
+      // catching it here to be able to evaluate the error message
+      let res;
+      try {
+        res = await LuigiConfig.executeConfigFnAsync('rejectFnAsync', true);
+      } catch (error) {
+        res = error;
+      }
+      assert.equal(res.message, 'rejected', 'return error does not equal');
+    });
+  });
 });
diff --git a/core/test/services/iframe.spec.js b/core/test/services/iframe.spec.js
index 47d3c3d593..c97f05b4ff 100644
--- a/core/test/services/iframe.spec.js
+++ b/core/test/services/iframe.spec.js
@@ -3,7 +3,7 @@ const assert = chai.assert;
 const sinon = require('sinon');
 const Iframe = require('../../src/services/iframe');
 import { afterEach } from 'mocha';
-import { LuigiConfig } from '../../src/services/config';
+import { LuigiConfig } from '../../src/core-api';
 
 describe('Iframe', () => {
   let node;
diff --git a/core/test/services/navigation.spec.js b/core/test/services/navigation.spec.js
index f111a317e3..25ca68957e 100644
--- a/core/test/services/navigation.spec.js
+++ b/core/test/services/navigation.spec.js
@@ -3,7 +3,7 @@ const chai = require('chai');
 const expect = chai.expect;
 const assert = chai.assert;
 const sinon = require('sinon');
-import { LuigiConfig } from '../../src/services/config';
+import { LuigiConfig } from '../../src/core-api';
 
 const sampleNavPromise = new Promise(function(resolve) {
   const lazyLoadedChildrenNodesProviderFn = () => {
diff --git a/core/test/services/routing.spec.js b/core/test/services/routing.spec.js
index d27c084f83..9c2ae454be 100644
--- a/core/test/services/routing.spec.js
+++ b/core/test/services/routing.spec.js
@@ -4,7 +4,7 @@ const sinon = require('sinon');
 const routing = require('../../src/services/routing');
 const GenericHelpers = require('../../src/utilities/helpers/generic-helpers');
 import { afterEach } from 'mocha';
-import { LuigiConfig } from '../../src/services/config';
+import { LuigiConfig } from '../../src/core-api';
 
 describe('Routing', () => {
   let component;
diff --git a/core/test/utilities/helpers/async-helpers.spec.js b/core/test/utilities/helpers/async-helpers.spec.js
new file mode 100644
index 0000000000..b63caef6ce
--- /dev/null
+++ b/core/test/utilities/helpers/async-helpers.spec.js
@@ -0,0 +1,49 @@
+const chai = require('chai');
+const assert = chai.assert;
+const AsyncHelpers = require('../../../src/utilities/helpers/async-helpers');
+const GenericHelpers = require('../../../src/utilities/helpers/generic-helpers');
+const sinon = require('sinon');
+
+describe('Async-helpers', () => {
+  beforeEach(() => {
+    // sinon.stub(LuigiConfig, 'getConfigValue');
+  });
+  afterEach(() => {
+    // sinon.restore();
+  });
+
+  describe('wrapAsPromise', () => {
+    it('returns a wrapped promise', async () => {
+      const value = 'my value';
+
+      const prom = AsyncHelpers.wrapAsPromise(value);
+
+      assert.isTrue(GenericHelpers.isPromise(prom), 'is a promise');
+      assert.equal(await prom, value, 'value is equal');
+    });
+  });
+
+  describe('applyFunctionPromisified', () => {
+    it('executes a pure function and returns a new promise', async () => {
+      const plainFunc = (one, two, three) => {
+        return three;
+      }
+      const thirdParam = 'hello';
+      const prom = AsyncHelpers.applyFunctionPromisified(plainFunc, [undefined, undefined, thirdParam]);
+
+      assert.isTrue(GenericHelpers.isPromise(prom), 'is a promise');
+      assert.equal(await prom, thirdParam, 'value is equal');
+    });
+
+    it('executes an async function and returns its promise', async () => {
+      const promiseFunc = (one, two, three) => {
+        return new Promise((resolve) => { resolve(three); });
+      }
+      const thirdParam = 'hello';
+      const prom = AsyncHelpers.applyFunctionPromisified(promiseFunc, [undefined, undefined, thirdParam]);
+
+      assert.isTrue(GenericHelpers.isPromise(prom), 'is a promise');
+      assert.equal(await prom, thirdParam, 'value is equal');
+    });
+  });
+});
diff --git a/core/test/utilities/helpers/auth-helpers.spec.js b/core/test/utilities/helpers/auth-helpers.spec.js
new file mode 100644
index 0000000000..081b3ef2f1
--- /dev/null
+++ b/core/test/utilities/helpers/auth-helpers.spec.js
@@ -0,0 +1,121 @@
+const chai = require('chai');
+const assert = chai.assert;
+const sinon = require('sinon');
+
+const GenericHelpers = require('../../../src/utilities/helpers/generic-helpers');
+const AuthHelpers = require('../../../src/utilities/helpers/auth-helpers');
+const LuigiAuth = require('../../../src/core-api').LuigiAuth;
+
+describe('Auth-helpers', () => {
+  let windowLocationImplementation;
+  beforeEach(() => {
+    windowLocationImplementation = window.location;
+    delete window.location;
+    window.location = {
+      search: function() {
+        return '';
+      }
+    };
+  });
+  afterEach(() => {
+    window.location = windowLocationImplementation;
+  });
+
+  describe('parseUrlAuthErrors', () => {
+    it('returns complete error object', () => {
+      sinon
+        .stub(GenericHelpers, 'getUrlParameter')
+        .onFirstCall()
+        .returns('mockError')
+        .onSecondCall()
+        .returns('an error description');
+
+      const err = AuthHelpers.parseUrlAuthErrors();
+      assert.equal(err.error, 'mockError');
+      assert.equal(err.errorDescription, 'an error description');
+
+      GenericHelpers.getUrlParameter.restore();
+    });
+
+    it('returns only error without description', () => {
+      sinon
+        .stub(GenericHelpers, 'getUrlParameter')
+        .onFirstCall()
+        .returns('mockError')
+        .onSecondCall()
+        .returns(undefined);
+
+      const err = AuthHelpers.parseUrlAuthErrors();
+      assert.equal(err.error, 'mockError');
+      assert.equal(err.errorDescription, undefined);
+
+      GenericHelpers.getUrlParameter.restore();
+    });
+
+    it('without error', () => {
+      sinon
+        .stub(GenericHelpers, 'getUrlParameter')
+        .onFirstCall()
+        .returns(undefined)
+        .onSecondCall()
+        .returns(undefined);
+
+      assert.equal(AuthHelpers.parseUrlAuthErrors(), undefined);
+
+      GenericHelpers.getUrlParameter.restore();
+    });
+  });
+
+  describe('handleUrlAuthErrors', () => {
+    beforeEach(() => {
+      sinon.spy(LuigiAuth, 'handleAuthEvent');
+    });
+    afterEach(() => {
+      sinon.restore();
+    });
+
+    const mockProviderInstanceSettings = {
+      logoutUrl: 'http://auth.luigi.domain/api/logout',
+      post_logout_redirect_uri: 'http://luigi.domain/logout.html'
+    };
+
+    it('without error', async () => {
+      assert.isTrue(await AuthHelpers.handleUrlAuthErrors({}));
+      assert.isTrue(LuigiAuth.handleAuthEvent.notCalled);
+    });
+
+    it('with error param', async () => {
+      await AuthHelpers.handleUrlAuthErrors(
+        mockProviderInstanceSettings,
+        'mockError'
+      );
+      assert.isTrue(LuigiAuth.handleAuthEvent.calledOnce);
+    });
+
+    it('with error and error param', async () => {
+      const error = 'mockError';
+      const errorDescription = 'An error description';
+
+      await AuthHelpers.handleUrlAuthErrors(
+        mockProviderInstanceSettings,
+        error,
+        errorDescription
+      );
+
+      assert.isTrue(LuigiAuth.handleAuthEvent.calledOnce, 'called once');
+      LuigiAuth.handleAuthEvent.calledWith(
+        'onAuthError',
+        mockProviderInstanceSettings,
+        { error, errorDescription },
+        mockProviderInstanceSettings.logoutUrl +
+          '?post_logout_redirect_uri=' +
+          mockProviderInstanceSettings.post_logout_redirect_uri +
+          '&error=' +
+          error +
+          '&errorDescription=' +
+          error,
+        'called with valid data'
+      );
+    });
+  });
+});
diff --git a/core/test/utilities/helpers/generic-helpers.spec.js b/core/test/utilities/helpers/generic-helpers.spec.js
index 0dac13561a..8f068563c3 100644
--- a/core/test/utilities/helpers/generic-helpers.spec.js
+++ b/core/test/utilities/helpers/generic-helpers.spec.js
@@ -1,8 +1,44 @@
 const chai = require('chai');
 const assert = chai.assert;
+const sinon = require('sinon');
 const GenericHelpers = require('../../../src/utilities/helpers/generic-helpers');
 
 describe('Generic-helpers', () => {
+  let windowLocationImplementation;
+  before(() => {
+    windowLocationImplementation = window.location;
+    delete window.location;
+    window.location = {
+      search: function() {
+        return '';
+      }
+    };
+  });
+  after(() => {
+    window.location = windowLocationImplementation;
+  });
+
+  it('getUrlParameter', () => {
+    const setLocationSearch = url => {
+      sinon.stub(window.location, 'search').get(() => url);
+    };
+    const catName = 'spencer';
+
+    setLocationSearch('?param=1&foo=bar&cat=' + catName);
+    assert.equal(
+      GenericHelpers.getUrlParameter('cat'),
+      catName,
+      'url with ? and multiple params'
+    );
+
+    setLocationSearch('#foo=bar&cat=' + catName + '&param=1');
+    assert.equal(
+      GenericHelpers.getUrlParameter('cat'),
+      catName,
+      'url with # and multiple params'
+    );
+  });
+
   it('getUrlWithoutHash', () => {
     const url = 'http://luigi.url.de/#hashsomething';
     const withoutHash = GenericHelpers.getUrlWithoutHash(url);
diff --git a/core/test/utilities/helpers/iframe-helpers.spec.js b/core/test/utilities/helpers/iframe-helpers.spec.js
index 987015e8fc..cee43563b7 100644
--- a/core/test/utilities/helpers/iframe-helpers.spec.js
+++ b/core/test/utilities/helpers/iframe-helpers.spec.js
@@ -3,7 +3,7 @@ const assert = chai.assert;
 const sinon = require('sinon');
 const IframeHelpers = require('../../../src/utilities/helpers/iframe-helpers');
 import { afterEach } from 'mocha';
-import { LuigiConfig } from '../../../src/services/config';
+import { LuigiConfig } from '../../../src/core-api';
 
 describe('Iframe-helpers', () => {
   let component;
@@ -45,14 +45,12 @@ describe('Iframe-helpers', () => {
     });
 
     it('getVisibleIframes', () => {
-      sinon
-        .stub(document, 'querySelectorAll')
-        .callsFake(() => [
-          {
-            src: 'http://url.com/app.html!#/prevUrl',
-            style: { display: 'block' }
-          }
-        ]);
+      sinon.stub(document, 'querySelectorAll').callsFake(() => [
+        {
+          src: 'http://url.com/app.html!#/prevUrl',
+          style: { display: 'block' }
+        }
+      ]);
       const visibleIframes = IframeHelpers.getVisibleIframes();
       assert.equal(visibleIframes.length, 1);
     });
diff --git a/core/test/utilities/helpers/navigation-helpers.spec.js b/core/test/utilities/helpers/navigation-helpers.spec.js
index c501d6106a..04551e0e6a 100644
--- a/core/test/utilities/helpers/navigation-helpers.spec.js
+++ b/core/test/utilities/helpers/navigation-helpers.spec.js
@@ -37,6 +37,10 @@ describe('Navigation-helpers', () => {
       },
       pathSegment: 'pathSegment'
     };
-    console.log('tests ', NavigationHelpers.getNodePath(node));
+    assert.equal(
+      NavigationHelpers.getNodePath(node),
+      'parent/pathSegment',
+      'path should match'
+    );
   });
 });
diff --git a/docs/README.md b/docs/README.md
index 84536991c9..b2ca31910e 100644
--- a/docs/README.md
+++ b/docs/README.md
@@ -9,6 +9,7 @@ Set up and configure the main application.
 * [Application setup](application-setup.md) shows you the first steps to prepare your application for development.
 * [Navigation configuration](navigation-configuration.md) shows you how to configure navigation in Luigi.
 * [Authorization configuration](authorization-configuration.md) guides you through the configuration to secure Luigi.
+* [Authorization events](authorization-events.md) guides you through the event configuration to react to Luigi authorization events.
 * [General settings](general-settings.md) provides you with additional configuration parameters for Luigi.
 
 ## Luigi Client
@@ -18,4 +19,4 @@ Use the Luigi Client API documentation to learn more about the functions and par
 
 * [Lifecycle](luigi-client-api.md#lifecycle) gives you details on the lifecycle of listeners, navigation nodes, and Event data.
 * [Link Manager](luigi-client-api.md#linkmanager) allows you to navigate to a specific route. 
-* [UX Manager](luigi-client-api.md#uxmanager) helps you to manage the appearance features in Luigi, such as the behavior of backdrop or loading indictors.
\ No newline at end of file
+* [UX Manager](luigi-client-api.md#uxmanager) helps you to manage the appearance features in Luigi, such as the behavior of backdrop or loading indictors.
diff --git a/docs/authorization-configuration.md b/docs/authorization-configuration.md
index f1fa63c095..ae429659bc 100644
--- a/docs/authorization-configuration.md
+++ b/docs/authorization-configuration.md
@@ -120,4 +120,26 @@ When Luigi fails to renew the token and then logs out the user, it adds the foll
 - `enabled` means third party cookies are supported by the browser.
 - `not_checked` means that the script was not provided in **thirdPartyCookiesScriptLocation** or it could not be loaded.
 
-The application developer can read these parameters and set a logout page based on them.
\ No newline at end of file
+The application developer can read these parameters and set a logout page based on them.
+
+### Implement a Custom Authentication Provider
+
+You can write your own authentication provider that meets your requirements. 
+
+[oAuth2ImplicitGrant.js](src/providers/oAuth2ImplicitGrant.js) is a good starting point if you don't use an external authentication library.
+After authorization is successful on the auth provider's side it redirects back to `Luigi callback.html` **redirect_uri**. The auth provider verifies the authentication data, saves it in  **localStorage** for Luigi, and redirects to the Luigi main page. 
+
+[openIdConnect.js](src/providers/openIdConnect.js) lazy loads the official `oidc-client` library and is a good starting point if you also depend on external authentication libraries.
+
+Make sure to set the following data in your Authentication Provider implementation, so that it is used after successful authentication.
+```
+const data = {
+  accessToken: hashParams['access_token'],
+  accessTokenExpirationDate: hashParams['expiry_timestamp'],
+  scope: hashParams['scope'],
+  idToken: hashParams['id_token']
+};
+
+localStorage.setItem('luigi.auth', JSON.stringify(data));
+localStorage.setItem('luigi.newlyAuthorized', true);
+```
diff --git a/docs/authorization-events.md b/docs/authorization-events.md
new file mode 100644
index 0000000000..c69822a0fa
--- /dev/null
+++ b/docs/authorization-events.md
@@ -0,0 +1,33 @@
+# Authorization events
+
+Luigi provides life cycle events which it can trigger internally or by authorization providers.
+Events are part of the **auth** configuration object and have to be functions. They can be executed asynchronously.
+
+An example events configuration looks as follows:
+
+```
+auth: {
+  events: {
+    onAuthSuccessful: (settings, authData) => {},
+    onAuthError: (settings, err) => {}
+    onAuthExpired: (settings) => {},
+    onLogout: (settings) => {}
+  }
+}
+```
+
+The first parameter is always the current **settings** object of the currently active authorization provider.  This object contains the user provider configuration with the default values.
+The second parameter is optional and it is either **authData** or **error**.
+
+You can disable the default behavior of `onAuthExpired` and `onAuthError` by making the function return `false`. As a result, the lifecycle execution stops with this function. This, however, may lead to blank pages after the user logs out since typically the page redirects to a logout, login or home page.
+
+## Events
+
+-   `onAuthSuccessful` **[function](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Statements/function)** is executed after logging in with the **authData** object parameter. If valid authorization data was found in the local storage, the function is not executed.
+-   `onAuthError` **[function](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Statements/function)** is executed:
+    - by Luigi **reason** URL parameter with optional **error** URL parameter for detailed description was found on Luigi initialization. The OAuth2Provider uses this approach by redirecting from the authorization provider to `luigi.domain/?reason=someError&error=Error detail describe`.
+    - by the OIDC provider if silent access token renewal fails    
+
+    Return `false` to prevent redirecting to `logoutUrl` after executing this function. It goes to the Luigi main route `/` instead.
+-   `onAuthExpired` **[function](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Statements/function)** is executed if the token expires during runtime, or if Luigi is opened with outdated authorization data in the local storage. Return `false` to prevent redirecting to `logoutUrl` after executing this function.
+-   `onLogout` **[function](https://developer.mozilla.org/docs/Web/JavaScript/Reference/Statements/function)** is executed after the user logs out.