Add logout with OIDC to application¶
OpenID Connect provides OpenID Connect RP-Initiated Logout to terminate user sessions. The logout endpoint is used to terminate the user session at WSO2 Identity Server and to log the user out. When a user is
successfully logged out, the user is redirected to the post_logout_redirect_uri sent in the logout request.
Logout endpoint
https://localhost:9443/oidc/logout
Sample request
curl -X POST "https://localhost:9443/oidc/logout" \
--data-urlencode "client_id=<client_id_of_the_application>" \
--data-urlencode "post_logout_redirect_uri=<redirect URI>" \
--data-urlencode "state=<state>"
The logout request has the following parameters:
Note
See RP-initiated logout request for more details.
| Request Parameter | Description |
|---|---|
client_id |
The client ID obtained when registering the application in WSO2 Identity Server. |
id_token_hint |
The ID token returned by WSO2 Identity Server (in response to the token request) is passed to the logout endpoint with a hint about the user's current authenticated session on the application. This can be used instead of the client_id parameter. |
post_logout_redirect_uri |
The URL to be redirected to during user logout. The value defined here should be added as one of the [authorized redirect URLs](/en/next/references/app-settings/oidc-settings-for-app/#authorized-redirect-urls). This should be passed along with the id_token_hint.
If the post_logout_redirect_uri parameter is not passed, the user will be routed to WSO2 Identity Server's common page after logout.
|
state |
The parameter passed from the application to WSO2 Identity Server to maintain state information. If an application sends this parameter, WSO2 Identity Server will return this information in the response. |
Sample response
http://myapp.com?state=state-param