Logout from Hosted Login

Endpoint URL: /{customerId}/auth-ui/logout



Description

The /{customerId}/auth-ui/logout endpoint logs a user out of a Hosted Login session. This brings the user session to a close, but does not expire or otherwise invalidate the user’s access and refresh tokens. To invalidate the tokens, you need to call the /{customerId}/token/revoke endpoint.

For example, this command logs a user out of his or her current session and then, following a successful logout, redirects the user to the URL https://identitydocs.akamai.com/logout:

https://v1.api.us.janrain.com/e0a70b4f-1eef-4856-bcdb-f050fee66aae/auth-ui/logout
 ?client_id=a123ef65-83dc-4094-a09a-76e1bec424e7
 &redirect_uri= https://identitydocs.akamai.com/logout

The parameters available for use with the /{customerId}/auth-ui/logout endpoint are described in the following table:

Parameter

Required

Description

client_id

Yes

Unique identifier of a valid OIDC client; it’s recommended that you reference the same OIDC client that the user employed when logging on. If you omit this parameter you’ll see the following error message:

If the parameter is included, but you specify an invalid client ID, you’ll get a Something went wrong error:

redirect_uri

No

When present, the user is redirected to the specified URL after he or she is logged out. Note that this URL must be included in the OIDC client’s redirectURIs property. If the URL is not listed then a Something went wrong error message is displayed.

If logout is successful but the redirect_uri is not included in the call then the Logout Success screen is displayed:

state

No

An arbitrary value that can be used to track a redirect after the user has is logged off by using this endpoint. For example, suppose state is set to 87651431 and the redirect_uri is set to https://identitydocs.akamai.com/redirect. When a user is logged off and redirected, the URI they’re redirected to should look like this:

https://identitydocs.akamai.com/redirect?state=87651431

Including the state in the URI provides assurance that Hosted Login was responsible for the redirect.

No authentication is required to call the /{customerId}/auth-ui/logout endpoint. Instead, the endpoint automatically logs out the user associated with the active session.

Calling the /{customerId}/auth-ui/logout endpoint is equivalent to a user clicking the Logout button in his or her user profile.