---
title: /oauth2/connect/endSession
description: Use this endpoint to terminate authenticated sessions. Learn more in Session management.
component: pingoneaic
page_id: pingoneaic:am-oidc1:rest-api-oidc-endsession-endpoint
canonical_url: https://docs.pingidentity.com/pingoneaic/am-oidc1/rest-api-oidc-endsession-endpoint.html
keywords: ["OpenID Connect (OIDC)", "Standards", "Endpoints", "Sessions"]
page_aliases: ["oidc1-guide:rest-api-oidc-endsession-endpoint.adoc"]
section_ids:
  supported_parameters: Supported parameters
  example: Example
---

# /oauth2/connect/endSession

Use this endpoint to terminate authenticated sessions. Learn more in [Session management](session-management.html).

To find the URL for this endpoint, read the `end_session_endpoint` field of the [well-known configuration endpoint](rest-api-oidc-discovery-configuration.html) for the realm:

```bash
$ curl https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/.well-known/openid-configuration
{
  "...": "...",
  "end_session_endpoint": "https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/connect/endSession",
  "...": "..."
}
```

## Supported parameters

The end session endpoint supports the following query parameters:

| Parameter                  | Description                                                                                                                                                                                                                                                                       | Required                            |
| -------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- |
| `client_id`                | Uniquely identifies the application making the request.This parameter is *not* compliant with the specification.                                                                                                                                                                  | Yes, when the ID token is encrypted |
| `id_token_hint`            | Previously issued ID token identifying the authenticated session.                                                                                                                                                                                                                 | Yes                                 |
| `post_logout_redirect_uri` | Redirect to this URI after logout.This must match one of the values in the Sign-out URLs setting of the client profile.By default, this profile setting is empty. To update the setting in the Advanced Identity Cloud admin console, go to Applications > *Client ID* > Sign On. | No                                  |

The `post_logout_redirect_uri` parameter determines the result on successful logout:

* If included, Advanced Identity Cloud redirects to the specified location.

  Find more information in [Redirect users to a specific URL after they sign out](../am-oauth2/plugins-user-info-claims.html#example-redirect-users-after-logout).

* If omitted, Advanced Identity Cloud returns HTTP 204 No Content to indicate the end user logged out.

## Example

Advanced Identity Cloud deletes the authenticated session when the user successfully logs out and is redirected to the post logout URL:

```bash
$ curl \
--dump-header - \
--request GET \
'https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/connect/endSession?id_token_hint=id-token&post_logout_redirect_uri=https://www.example.com/signout'
HTTP/2 302
...
location: https://www.example.com/signout
content-length: 0
...
```