/oauth2/connect/endSession
Use this endpoint to terminate authenticated sessions. Learn more in Session management.
To find the URL for this endpoint, read the end_session_endpoint field of the
well-known configuration endpoint for the realm:
$ curl https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/.well-known/openid-configuration
{
"...": "...",
"end_session_endpoint": "https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/connect/endSession",
"...": "..."
}Supported parameters
The end session endpoint supports the following query parameters:
| Parameter | Description | Required |
|---|---|---|
Uniquely identifies the application making the request. This parameter is not compliant with the specification. |
Yes, when the ID token is encrypted |
|
Previously issued ID token identifying the authenticated session. |
Yes |
|
|
Redirect to this URI after logout. This must match one of the values in the Sign-out URLs setting of the client profile. By default, this profile setting is empty. To update the setting in the Advanced Identity Cloud admin console, go to Applications > Client ID > Sign On. |
No |
The post_logout_redirect_uri parameter determines the result on successful logout:
-
If included, Advanced Identity Cloud redirects to the specified location.
Find more information in Redirect users to a specific URL after they sign out.
-
If omitted, Advanced Identity Cloud returns HTTP 204 No Content to indicate the end user logged out.
Example
Advanced Identity Cloud deletes the authenticated session when the user successfully logs out and is redirected to the post logout URL:
$ curl \
--dump-header - \
--request GET \
'https://<tenant-env-fqdn>/am/oauth2/realms/root/realms/alpha/connect/endSession?id_token_hint=id-token&post_logout_redirect_uri=https://www.example.com/signout'
HTTP/2 302
...
location: https://www.example.com/signout
content-length: 0
...