Proxy provider - Forward-auth (domain level) - how to logout?

[thmerlin]

I have correctly setup the proxy provider for forward-authentication at domain level (I'm using Traefik). So, accessing one site configured behind it redirects me to the Authentik login page. When successfully authenticated, I'm then redirect to the site I was trying to access.

After this flow, 2 cookies (domain level) have been created:

• authentik_proxy_0
• authentik_proxy_1

But now, I wonder how I can logout from it.
I was expecting that going onto the Authentik panel for my currently logged in user, then logout, would clean up my cookies used for forward authentication. But it only cleans the session cookie.

So, for the sites for which I configured the forward-authentication, I cannot logout easily. I have to delete by myself the 2 cookies that were set up.

Am I missing something ?

NB: the cookie domain configured at my proxy provider is domain.com (and my authentik host is at authentik.domain.com)
And I can see in Firefox that the 2 mentioned cookies above are on domain .domain.com.

I also tried to use the end-session url for the application used for this forward-auth (ie: https://authentik.domain.com/application/o/<application-slug>/end-session/). But it doesn't make any difference.

[BeryJu]

Hi, so to log out with the proxy provider, you can navigate to proxy-auth-domain.foo.tld/akprox/sign_out, this will clear the cookies for the proxy provider and then redirect you to the end-session URL from authentik, where you can then fully log out.

[thmerlin]

Thanks for the quick response. It does exactly what I expected.

[BeryJu]

Also added a small notice in the docs for the future

[ksaadDE]

Opened a discussion on this #9737