
Add logout with OIDC to application

OpenID Connect defines RP-Initiated Logout for terminating user sessions. The logout endpoint terminates the user's session at WSO2 Identity Server and logs the user out. After a successful logout, the user is redirected to the post_logout_redirect_uri sent in the logout request.

Logout endpoint

https://localhost:9443/oidc/logout

Sample request

```bash
curl -X POST "https://localhost:9443/oidc/logout" \
  --data-urlencode "client_id=<client_id_of_the_application>" \
  --data-urlencode "post_logout_redirect_uri=<redirect URI>" \
  --data-urlencode "state=<state>"
```

The logout request has the following parameters:

Note

See RP-initiated logout request for more details.

| Request Parameter | Description |
|---|---|
| `client_id` | The client ID obtained when registering the application in WSO2 Identity Server. |
| `id_token_hint` | The ID token returned by WSO2 Identity Server (in response to the token request), passed to the logout endpoint as a hint about the user's current authenticated session on the application. This can be used instead of the `client_id` parameter. |
| `post_logout_redirect_uri` | The URL to be redirected to during user logout. The value defined here should be added as one of the [authorized redirect URLs](/en/7.0.0/references/app-settings/oidc-settings-for-app/#authorized-redirect-urls). This should be passed along with the `id_token_hint`. If the `post_logout_redirect_uri` parameter is not passed, the user will be routed to WSO2 Identity Server's common page after logout. |
| `state` | The parameter passed from the application to WSO2 Identity Server to maintain state information. If an application sends this parameter, WSO2 Identity Server will return this information in the response. |

Sample response

http://myapp.com?state=state-param
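
The following is an added example, not code from WSO2 or from this page: an application-side sketch that builds the logout form body with a fresh random `state` and then accepts the post-logout redirect only if it arrives at the registered `post_logout_redirect_uri` and echoes that same `state`. The function names are hypothetical and the client ID used with them is a constructed sample value.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

LOGOUT_ENDPOINT = "https://localhost:9443/oidc/logout"  # endpoint shown on this page


def build_logout_request(post_logout_redirect_uri, client_id=None, id_token_hint=None):
    """Return (form_body, state) for a POST to LOGOUT_ENDPOINT (hypothetical helper)."""
    if not (client_id or id_token_hint):
        raise ValueError("send client_id or id_token_hint")
    # Unguessable value, generated per logout attempt and kept in the user's session.
    state = secrets.token_urlsafe(32)
    params = {"post_logout_redirect_uri": post_logout_redirect_uri, "state": state}
    if id_token_hint:
        # The ID token can be sent instead of client_id.
        params["id_token_hint"] = id_token_hint
    else:
        params["client_id"] = client_id
    return urlencode(params), state


def is_expected_logout_response(response_url, registered_redirect_uri, expected_state):
    """True only if the redirect hit our registered URI and echoes our state."""
    got, want = urlsplit(response_url), urlsplit(registered_redirect_uri)
    same_target = (got.scheme, got.netloc, got.path.rstrip("/")) == (
        want.scheme, want.netloc, want.path.rstrip("/"))
    if not same_target:
        return False
    returned = parse_qs(got.query).get("state", [])
    # Require exactly one state value and compare it in constant time.
    return len(returned) == 1 and hmac.compare_digest(
        returned[0].encode(), expected_state.encode())
```

Store the returned `state` server-side with the user's session and discard it after the first successful check so a replayed redirect is rejected.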