Logout (end-session) endpoint

1. Purpose

The Connect2id server exposes an optional logout endpoint to

  • Let a client application (relying party) notify the Identity Provider (IdP) that an end-user has logged out of the application, and additionally

  • Give the end-user a choice to log out of the IdP as well. To prevent unwanted logouts the end-user will be asked to confirm the action.

If the requesting client has registered a post logout redirection URI, the Connect2id server will redirect the browser to it after the logout confirmation dialog.

If the logout endpoint is enabled, its URL is advertised in the OpenID provider metadata.

The logout (end-session) endpoint is specified in OpenID Connect Session Management 1.0.

2. Web API overview

Resources
Errors

3. Resources

3.1 [end-session-endpoint]

3.1.1 GET

Sends the end-user to log out of the OpenID provider.

Parameters:

  • [ id_token_hint ] Previously issued ID token passed to the logout endpoint as a hint about the end-user’s current authenticated session with the client. Use of this parameter is recommended.

  • [ post_logout_redirect_uri ] URL to which the browser should be redirected after the logout dialog (regardless whether the end-user agrees or not to log out of the OpenID provider). The URL must be
    registered in the post_logout_redirect_uris parameter for the requesting client. If an ID token hint is not included in the logout request the redirection parameter will be ignored.

  • [ state ] Optional state to append to the post logout redirection URL.

Success:

  • Code: 200

  • Content-Type: text/html

  • Body: A confirmation dialog whether the end-user agrees to log out of the OpenID provider.

Errors:

Example simple logout request:

GET /logout HTTP/1.1
Host: c2id.com

Example logout request with an ID token hint:

GET /logout?id_token_hint=eyJraWQiOiJhb2N0IiwiYWxnIjoiUlMyNTYifQ... HTTP/1.1
Host: c2id.com

4. Errors

404 Not Found

The requested resource doesn’t exist.

Example:

HTTP/1.1 404 Not Found

500 Internal Server Error

An internal server error has occurred. Check the Connect2id server logs for details.

Example:

HTTP/1.1 500 Internal Server Error