Logout (end-session) endpoint
The Connect2id server exposes an optional logout endpoint to
Let a client application (relying party) notify the Identity Provider (IdP) that an end-user has logged out of the application, and additionally
- Give the end-user a choice to log out of the IdP as well. To prevent unwanted logouts the end-user will be asked to confirm the action.
If the requesting client has registered a post logout redirection URI, the Connect2id server will redirect the browser to it after the logout confirmation dialog.
If the logout endpoint is enabled, its URL is advertised in the OpenID provider metadata.
The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.
2. Web API overview
Sends the end-user to log out of the OpenID provider.
[ id_token_hint ] Previously issued ID token passed to the logout endpoint as a hint about the end-user’s current authenticated session with the client. Use of this parameter is recommended.
[ post_logout_redirect_uri ] URL to which the browser should be redirected after the logout dialog (regardless whether the end-user agrees or not to log out of the OpenID provider). The URL must be
registered in the
post_logout_redirect_urisparameter for the requesting client. If an ID token hint is not included in the logout request the redirection parameter will be ignored.
- [ state ] Optional state to append to the post logout redirection URL.
- Body: A confirmation dialog whether the end-user agrees to log out of the OpenID provider.
Example simple logout request:
GET /logout HTTP/1.1 Host: c2id.com
Example logout request with an ID token hint:
GET /logout?id_token_hint=eyJraWQiOiJhb2N0IiwiYWxnIjoiUlMyNTYifQ... HTTP/1.1 Host: c2id.com
404 Not Found
The requested resource doesn’t exist.
HTTP/1.1 404 Not Found
500 Internal Server Error
An internal server error has occurred. Check the Connect2id server logs for details.
HTTP/1.1 500 Internal Server Error