Skip to content

Add logout with OIDC to application

OpenID Connect provides OpenID Connect RP-Initiated Logout to terminate user sessions. The logout endpoint is used to terminate the user session at Asgardeo and to log the user out. When a user is successfully logged out, the user is redirected to the post_logout_redirect_uri sent in the logout request.

Logout endpoint

https://api.asgardeo.io/t/{organization_name}/oidc/logout

Sample request

curl -X POST "https://api.asgardeo.io/t/bifrost/oidc/logout" \
--data-urlencode "client_id=<client_id_of_the_application>" \
--data-urlencode "post_logout_redirect_uri=<redirect URI>" \
--data-urlencode "state=<state>"

The logout request has the following parameters:

Note

See RP-initiated logout request for more details.

Request Parameter Description
client_id The client ID obtained when registering the application in Asgardeo.
id_token_hint The ID token returned by Asgardeo (in response to the token request) is passed to the logout endpoint with a hint about the user's current authenticated session on the application. This can be used instead of the client_id parameter.
post_logout_redirect_uri The URL to be redirected to during user logout. The value defined here should be added as one of the [authorized redirect URLs](/asgardeo/docs/references/app-settings/oidc-settings-for-app/#authorized-redirect-urls). This should be passed along with the id_token_hint. If the post_logout_redirect_uri parameter is not passed, the user will be routed to Asgardeo's common page after logout.
state The parameter passed from the application to Asgardeo to maintain state information. If an application sends this parameter, Asgardeo will return this information in the response.

Sample response

http://myapp.com?state=state-param