GET /oidc/logout

Use this endpoint to log out a user. To navigate the user to a specific URL after the logout, set that URL in the post_logout_redirect_uri parameter. The URL should be included in the appropriate Allowed Logout URLs list:
  • If the id_token_hint parameter is included:
    • When the client_id parameter is included, the server uses the URL from the aud claim in the id_token_hint to select which of the Allowed Logout URLs to use from the application specified by the client_id.
    • When the client_id parameter is NOT included, the server uses the URL from the aud claim in the id_token_hint to select which of the Allowed Logout URLs at the tenant level to use.
  • If the id_token_hint parameter is not included:
    • If the client_id parameter is included, the post_logout_redirect_uri URL must be listed in the Allowed Logout URLs set at the application level.
    • If the client_id parameter is NOT included, the post_logout_redirect_uri URL must be listed in the Allowed Logout URLs set at the tenant level.
    • If the client_id parameter is included and the post_logout_redirect_uri URL is NOT set, the server returns the user to the first of the Allowed Logout URLs set in the Auth0 Dashboard.
To learn more, read Log Users Out of Auth0 with OIDC Endpoint.

Remarks

  • Logging the user out of their social identity provider is not common practice, so think about the user experience before you use the federated query string parameter with social identity providers.
  • If providing both id_token_hint and logout_hint, the logout_hint value must match the sid claim from the id_token_hint.
  • If providing both id_token_hint and client_id, the client_id value must match the aud claim from the id_token_hint.
  • If id_token_hint is not provided, then the user will be prompted for consent unless a logout_hint that matches the user’s session ID is provided.
  • The POST HTTP method is also supported for this request. When using POST, the request parameters should be provided in the request body as form parameters instead of the query string. The federated parameter requires a value of true or false.
  • This conforms to the OIDC RP-initiated Logout Specification.
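
The consistency rules in the Remarks above can be checked before the redirect is issued. The following is an added example, not code from Auth0 or from this page: build_logout_url, unverified_claims, sample_token and the sample claims are hypothetical, and accepting a list-valued aud is an assumption. The token payload is read without signature verification, which is acceptable only because the server performs the real validation.

```python
import base64
import json
import secrets
from urllib.parse import urlencode


def sample_token(claims):
    """Constructed, unsigned ID token for this demo only (not a real Auth0 token)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


def unverified_claims(id_token):
    """Read the JWT payload without verifying it: a local pre-flight check only."""
    payload = id_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def build_logout_url(domain, id_token_hint=None, logout_hint=None, client_id=None,
                     post_logout_redirect_uri=None, federated=False):
    """Return (url, state); raise ValueError when the hints contradict each other."""
    params, state = {}, None
    if id_token_hint:
        claims = unverified_claims(id_token_hint)
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]  # assumption: aud may be a list
        if client_id and client_id not in audiences:
            raise ValueError("client_id does not match the aud claim of id_token_hint")
        if logout_hint and logout_hint != claims.get("sid"):
            raise ValueError("logout_hint does not match the sid claim of id_token_hint")
        params["id_token_hint"] = id_token_hint
    if logout_hint:
        params["logout_hint"] = logout_hint
    if client_id:
        params["client_id"] = client_id
    if post_logout_redirect_uri:
        # The URL must already be in the relevant Allowed Logout URLs list.
        state = secrets.token_urlsafe(16)  # store it and compare when the user returns
        params.update(post_logout_redirect_uri=post_logout_redirect_uri, state=state)
    query = urlencode(params)
    if federated:  # GET form: bare flag, as in /oidc/logout?federated
        query = f"{query}&federated" if query else "federated"
    return f"https://{domain}/oidc/logout" + (f"?{query}" if query else ""), state


if __name__ == "__main__":
    token = sample_token({"aud": "app123", "sid": "sess-1"})
    print(build_logout_url("YOUR_DOMAIN", id_token_hint=token, client_id="app123"))
```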

Parameters

| Parameter | Type | Description |
| --- | --- | --- |
| id_token_hint | string | [Recommended] Previously issued ID Token for the user. This is used to indicate which user to log out. |
| logout_hint | string | Optional sid (session ID) value to indicate which user to log out. Should be provided when id_token_hint is not available. |
| post_logout_redirect_uri | string | URL to redirect the user after the logout. |
| client_id | string | The client_id of your application. |
| federated | string | Add this query string parameter to log the user out of their identity provider: https://YOUR_DOMAIN/oidc/logout?federated. |
| state | string | An opaque value the application adds to the initial request that the authorization server includes when redirecting back to the post_logout_redirect_uri. |
| ui_locales | string | Space-delimited list of locales used to constrain the language list for the request. The first locale on the list must match the enabled locale in your tenant. |

Response

| Status | Description |
| --- | --- |
| 200 | Successfully logged out |
| 400 | Bad request, possibly due to missing required parameters |