Logout Endpoint

POST /logout

parameters:

  • name: id_token_hint content: OPTIONAL. Previously issued ID Token passed to the logout endpoint as a hint about the user’s current authenticated session with the Client. This is used as an indication of the identity of the user that the partner is requesting be logged out by PRIVO.
  • name: post_logout_redirect_uri content: OPTIONAL. URL to which the partner is requesting that the user’s browser be redirected after a logout has been performed. The value MUST have been previously registered with PRIVO, either using the post_logout_redirect_uris Registration parameter or via another mechanism. If supplied, PRIVO SHOULD honor this request following the logout. This uri must be one of the configured redirect URIs for the given partner.
  • name: state content: OPTIONAL. Opaque value used by the partner to maintain state between the logout request and the callback to the endpoint specified by the post_logout_redirect_uri query parameter. If included in the logout request, PRIVO passes this value back to the partner using the state query parameter when redirecting the user’s browser back to the partner.

When a user requests to sign out of the Partner site that user's PRIVO OpenID Connect session must also be ended. The " Logout of Partner Service" sample code demonstrates how the logout process can he handled when a user signs out of partner website.

A partner can notify PRIVO that the user has logged out of the site, and might want to log out of PRIVO as well. In this case, the partner, after having logged the user out of the partner, redirects the user’s browser to PRIVO’s logout endpoint URL, /logout.

Logout Endpoint:

{{url}}/logout?
      id_token_hint=eyJraWQiOiJyc2ExIiwiYWxnIjoiUlMy...
      &state=af0ifjsldkj
      post_logout_redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb

Logout of Partner Service:


<iframe id="privoHubSignOut" src="" class="hide"><!-- For ending PRIVO session --></iframe>

<script>
    $(function () {
        //.signout is the button on partner page
        $('.signout').on('click', function (e) {
            e.preventDefault();
            try {
                if ('localStorage' in window && window['localStorage'] !== null) {
                    //Clear local store on logout
                    sessionStorage.clear();
                }
            } catch (e) {
                //do nothing
            }
            $('#privoHubSignOut').attr('src', '${privowebURL}/logout');
            $('#privoHubSignOut').load(function () {
                // j_spring_security_logout is the Partners endpoint
                window.location = '/j_spring_security_logout';
            });
        });
    });
</script>