Damien Ransome

It should be noted that **the current behaviour can pose a security issue**, since the self-service account feature can potentially provide a way to set a new user password without...

> Added surrogate application workaround steps @lyleschemmerling please can you clarify Attempting to follow your surrogate application workaround steps verbatim: Real application: `5f921ed5-1700-4f25-8ec4-7db9b267c96a` Surrogate logout application: `59e7200e-47c4-49ff-8f53-d4b461dbfbe6` My test user...

For the record, the following workaround seems to be viable for my use case: Assuming a single (real) application with ID: `5f921ed5-1700-4f25-8ec4-7db9b267c96a` * Configure application logout links to point to...

@lyleschemmerling seems that [my workaround](https://github.com/FusionAuth/fusionauth-issues/issues/2298#issuecomment-1741250683) creates its own problem. We noticed intermittent HTTP 500 errors from the logout URL. (`https:///account/logout?client_id=5f921ed5-1700-4f25-8ec4-7db9b267c96a`). My working theory is this happens if the user has...

Exactly my experience.