Logout (end-session) endpoint
A Connect2id server deployment can have an optional logout endpoint to:
Let a client application (relying party) notify the Identity Provider (IdP) that an end-user has logged out of the application, and additionally
Give the end-user a choice to log out of the IdP as well. To prevent unwanted logouts the end-user will be asked to confirm the action.
If the requesting client has registered a post logout redirection URI, the Connect2id server will redirect the browser to it after the logout confirmation dialog.
Client applications initiating the logout request are encouraged to include the user's ID token as a parameter (id_token_hint) so that the Connect2id server can identify the caller.
Client applications can also request the end-user to be redirected to some URI (post_logout_redirect_uri) after the logout dialog, regardless of the end-user's choice to log out from the IdP. An optional state parameter may be passed. The redirection will work only if the client has previously registered the possible post logout URIs and includes a valid ID token hint for the logged out end-user.
https://c2id.com/logout?id_token_hint=eyJraWQiOiJhb2N0IiwiYWxnIjoiUlMyNTYifQ...
 &post_logout_redirect_uri=https://client.example.com/logout
 &state=aSh9Ohqu
The logout (end-session) endpoint is specified in OpenID Connect RP-Initiated Logout 1.0.
2. The logout endpoint URL
It can be found in the end_session_endpoint parameter advertised in the Connect2id server metadata and may look like this:
3. Web API overview
Sends the end-user to log out of the OpenID provider.
[ id_token_hint ] Previously issued ID token to be used as hint about the end-user's current authenticated session with the client. Use of this parameter is recommended.
[ post_logout_redirect_uri ] URL to which the browser should be redirected after the logout dialog (regardless of the end-user's choice to log out of the OpenID provider). The URL must be registered in the post_logout_redirect_uris parameter for the requesting client. If an ID token hint is not included in the logout request, the redirection parameter will be ignored.
[ state ] Optional state to append to the post logout redirection URL.
Body: A confirmation dialog asking whether the end-user agrees to log out of the OpenID provider.
Example simple logout request:
GET /logout HTTP/1.1
Host: c2id.com
Example logout request with an ID token hint:
GET /logout?id_token_hint=eyJraWQiOiJhb2N0IiwiYWxnIjoiUlMyNTYifQ... HTTP/1.1
Host: c2id.com
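How a relying party could assemble the logout request from the end_session_endpoint metadata value and check the state on return, as an added example that is not Connect2id's own code. The function names, the sample metadata, the registered URI set and the placeholder ID token are assumptions constructed for illustration; the exact-match check against the registered URIs is a client-side precaution, not a statement of how the server compares them.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample values (assumptions, not taken from a real deployment).
OP_METADATA = {"end_session_endpoint": "https://c2id.com/logout"}
REGISTERED_POST_LOGOUT_URIS = {"https://client.example.com/logout"}


def build_logout_url(metadata, id_token=None, post_logout_redirect_uri=None):
    """Return (url, state) for a logout request; state is None without redirection."""
    endpoint = metadata["end_session_endpoint"]
    if urlsplit(endpoint).scheme != "https":
        raise ValueError("end_session_endpoint must be an https URL")
    params = {}
    state = None
    if id_token:
        params["id_token_hint"] = id_token
    if post_logout_redirect_uri:
        # The server ignores the redirection when no ID token hint is sent and
        # only redirects to URIs registered for the client, so fail early here.
        if not id_token:
            raise ValueError("post_logout_redirect_uri requires id_token_hint")
        if post_logout_redirect_uri not in REGISTERED_POST_LOGOUT_URIS:
            raise ValueError("post_logout_redirect_uri is not registered")
        # Unguessable state: lets the client tie the browser's return to the
        # logout it started. Keep it in the user's session until the callback.
        state = secrets.token_urlsafe(16)
        params["post_logout_redirect_uri"] = post_logout_redirect_uri
        params["state"] = state
    if not params:
        return endpoint, None
    separator = "&" if urlsplit(endpoint).query else "?"
    return endpoint + separator + urlencode(params), state


def state_matches(callback_url, expected_state):
    """True if the post logout redirection carries exactly the state we issued."""
    if expected_state is None:
        return False
    received = parse_qs(urlsplit(callback_url).query).get("state", [""])
    if len(received) != 1:
        return False
    # Compare as bytes in constant time; str input with non-ASCII would raise.
    return hmac.compare_digest(received[0].encode(), expected_state.encode())
```
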
404 Not Found
The requested resource doesn't exist.
HTTP/1.1 404 Not Found
500 Internal Server Error
An internal server error has occurred. Check the Connect2id server logs for details.
HTTP/1.1 500 Internal Server Error