Log out

Description

Logs a user out of TRIDENT.

Request

To log a user out of TRIDENT, a client application must redirect the user's browser to the TRIDENT endpoint /trustedx-authserver/oauth/logout. As a result of this redirect, the browser sends TRIDENT an HTTP GET request like the following:

GET /trustedx-authserver/oauth/logout?id_token_hint=...&
                                      client_id=...&
                                      post_logout_redirect_uri=...&
                                      state=...

As an alternative, the browser can send a POST request equivalent to the above request, i.e., with the parameters in the request body in the application/x-www-form-urlencoded format:

POST /trustedx-authserver/oauth/logout
Content-Type: application/x-www-form-urlencoded
 
id_token_hint=...&client_id=...&post_logout_redirect_uri=...&state=...

Parameters

id_token_hint

  Type: query/body

  Usage: Optional, in general. Required if the client_id parameter is not provided or if it is provided but the client application is associated with multiple identity providers for one of the following reasons:

    • The client application is associated with multiple authorization servers and one or more of them is associated with multiple identity providers.

    • The client application is only associated with one authorization server but this server is associated with multiple identity providers.

    Note: We recommend including this parameter in the request if the session to be closed was opened via OpenID Connect.

  Description: ID token the user used to open, via OpenID Connect, the session to be closed.

client_id

  Type: query/body

  Usage: Optional, in general. Required if the id_token_hint parameter is not provided (e.g., the user did not log in with OpenID Connect).

  Description: Identifier in TRIDENT of the client application requesting the user logout.

post_logout_redirect_uri

  Type: query/body

  Usage: Optional. If this parameter is not provided, TRIDENT redirects the browser to trustedx-authserver/loggedOut.xhtml after the logout is performed.

  Description: URL to which TRIDENT must redirect the browser after the user is logged out. This must be one of the URLs that the application has registered as allowed in the TRIDENT settings or a URL that the identity provider associated with the application has registered as allowed in TRIDENT.

state

  Type: query/body

  Usage: Optional.

  Description: Opaque value that TRIDENT must send to the application when the browser is redirected after the user has been logged out.

Response

Once the user has been logged out in TRIDENT (via the corresponding identity provider), TRIDENT redirects the user's browser to the redirect URI specified in the post_logout_redirect_uri parameter of the logout request. As a result, the application receives an HTTP GET request like the following:

GET {redirection_uri_path}?state={state} HTTP/1.1
Host: {redirection_uri_host}

Where:

  • {redirection_uri_host}{redirection_uri_path} is the redirect URI that the application specified in the post_logout_redirect_uri parameter of the logout request or, where this parameter is not specified, trustedx-authserver/loggedOut.xhtml.

  • {state} is the value specified in the state parameter of the logout request.
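The following added example (not TRIDENT code and not part of the original page) builds the logout redirect described above with a fresh random state and checks that the post-logout callback returns that same value. The base URL, redirect URI and client identifier are constructed placeholders, and treating state as a single-use value that ties the callback to the request is an assumption of the example.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

LOGOUT_PATH = "/trustedx-authserver/oauth/logout"  # endpoint named on this page


def build_logout_url(base_url, post_logout_redirect_uri=None,
                     id_token_hint=None, client_id=None):
    """Return (url, state) for the browser redirect to the logout endpoint."""
    # Per the parameter rules above, each of id_token_hint and client_id is
    # required when the other is absent, so at least one must be present.
    if not id_token_hint and not client_id:
        raise ValueError("provide id_token_hint, client_id, or both")
    state = secrets.token_urlsafe(32)  # unpredictable value, kept in the session
    params = {"state": state}
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    if client_id:
        params["client_id"] = client_id
    if post_logout_redirect_uri:
        params["post_logout_redirect_uri"] = post_logout_redirect_uri
    # urlencode percent-encodes every value, so a redirect URI that contains
    # '&' or '=' cannot add parameters to the logout request.
    return base_url.rstrip("/") + LOGOUT_PATH + "?" + urlencode(params), state


def verify_logout_callback(callback_url, expected_state):
    """True only if the callback carries exactly the state that was issued."""
    values = parse_qs(urlsplit(callback_url).query).get("state", [])
    if len(values) != 1 or not expected_state:
        return False  # missing or duplicated state is rejected
    # Constant-time comparison of the returned and stored values.
    return hmac.compare_digest(values[0].encode(), expected_state.encode())


if __name__ == "__main__":
    # Constructed sample values, not real TRIDENT hosts or clients.
    url, state = build_logout_url("https://trident.example",
                                  "https://app.example/after-logout",
                                  client_id="demo-app")
    print(url)
    print(verify_logout_callback(
        "https://app.example/after-logout?state=" + state, state))
```

The application should discard the stored state once a callback has been checked, so the same value is never accepted twice.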