PingAM

Create logout hooks

Use logout hooks to run custom server-side logic on logout. Logout hooks can perform tasks like redirecting the user on logout or adding information to the logout response that’s sent to a client application.

You register a logout hook from a specific authentication node during the authentication journey. Registered logout hooks are run when:

  • a user clicks the Log Out link from the self-service profile pages

  • a POST request is sent to /json/sessions/?_action=logout to end a user’s session

  • a GET request is sent to the /oauth2/connect/endSession endpoint to end a user’s session

AM includes the SetResponseDetailsLogoutHook, which adds logout details to the response when a tree ends with a logout. This hook is used by the Set Logout Details node.

Core class of a logout hook

This example shows an excerpt from the SetResponseDetailsLogoutHook class. The Set Logout Details node uses this logout hook to add logout details to the response on logout.

public class SetResponseDetailsLogoutHook implements LogoutHook {                        1
    ...
    @Inject                                                                              2
    public SetResponseDetailsLogoutHook(@Assisted Optional<HttpServletRequest> request,
            @Assisted JsonValue data) {
        this.request = request;
        this.data = data;
    }

    @Override
    public void onLogout() {                                                             3
        request.ifPresent(request → {
            Map<String, Object> newLogoutDetails = data.asMap();
            if (newLogoutDetails != null && !newLogoutDetails.isEmpty()) {
                Map<String, Object> logoutDetails = new HashMap<>();
                Map<String, Object> existingLogoutDetails =
                        (Map<String, Object>) request.getAttribute(LOGOUT_DETAILS_ATTRIBUTE);
                if (existingLogoutDetails != null) {
                    logoutDetails.putAll(existingLogoutDetails);
                    logoutDetails.putAll(newLogoutDetails);
                } else {
                    logoutDetails = newLogoutDetails;
                }
                request.setAttribute(LOGOUT_DETAILS_ATTRIBUTE, logoutDetails);
            }
        });
    }
}

1 Your core class must implement the LogoutHook interface, which provides the onLogout() method for the authentication framework to call.

Learn more in the LogoutHook interface in the AM Public API Javadoc.

2 AM uses the Google Guice framework for dependency injection.

The @Inject annotation on the constructor tells Guice to create a new instance of the hook and provide all required service objects and contextual parameters.

The @Assisted annotation is for parameters that are specific to the current authentication transaction:

  • Request: The HTTP request that started the authentication journey.

  • JsonValue: The data passed when registering the logout hook.

  • SSOToken: The token that contains session details after a successful authentication.

  • Response: The outgoing HTTP response that will be sent to the user agent. You can modify this response, for example, by adding cookies.

  • Realm: The realm where authentication is taking place.

3 The onLogout() method contains the hook’s core logic. The framework runs this method on logout.

Register a logout hook

To register a logout hook, your node class must call the registerLogoutHook() method.

For example, the SetLogoutDetailsNode registers its hook like this:

    @Override
    public Action process(TreeContext context) throws NodeProcessException {
        JsonValue data = json(config.logoutDetails());
        return goToNext().registerLogoutHook(SetResponseDetailsLogoutHook.class, data).build();
    }

Learn more about the registerLogoutHook() method in ActionBuilder.