OAuth 2.0 RP-Initiated Logout
This article describes how to configure your application to end all active third-party service provider sessions when users end their EmpowerID session and EmpowerID is the identity provider for those third-party service providers.
tip
You can download sample .NET framework code at https://dl1.empowerid.com/files/OAuthTestSampleCode.zip.
RP-Initiated Logout
-
Initiate a request to the EmpowerID End Session endpoint,
https://<EID Server>/oauth/v2/ui/logouthttps://<EID Server>/oauth/v2/ui/logout
?post_logout_redirect_uri=xxxxxxxxxxxxxxxxxx
&id_token_hint=eyJhbGciOiJSUzyVGE3cG.............ahi-cCrWZfcow
&global_logout=true
&state=xxxxxxxxxxxxxxxxxxRequest Parameter Required/Optional Description post_logout_redirect_urirecommended URL the user will be redirected to after logout is performed. This URL should be registered in the Callback URLs on the EmpowerID OAuth application. If not present in the request, after logout the user will be redirected to the IdP login page. id_token_hintoptional Previously issued ID Token which is used to identify the user’s current authenticated session with the client. global_logoutoptional Determines whether to terminate the user’s IdP session and all the service providers the user is currently authenticated with. Permitted values are
-true- Terminate both IdP and all active service provider sessions
-false- Terminate only IdP session
Defaults totrueif not present in the request.stateoptional A random string value sent by the client to maintain state. This value will be sent back to the RP in the callback endpoint specified by the post_logout_redirect_uriparameter. -
Based on the
global_logoutparameter, the user’s IdP and active service provider sessions will be terminated. After successful logout the user will be redirected to the IdP login page or the callback endpoint specified by thepost_logout_redirect_uriparameter.