Rate this page

Logout Endpoint

Web applications may log users out of the Data Governance Broker by calling the logout endpoint, which does the following:

  • Deletes the server-side session state associated with the current user-agent.
  • Revokes all access tokens that were granted to the user.
  • Expires the session cookie.

Logout request

GET /oauth/logout

Parameter Required? Description
post_logout_redirect_uri yes The URI to which the end user’s browser will be redirected after logging out. This must be a registered redirect URI.
state no A value that the client may use to maintain state between the request and the redirect response.

An example request:

GET /oauth/logout?post_logout_redirect_uri=https://example.com/callback&state=TWFpcyBvw7kgc29udCBsZXMgbmVpZ2VzIGQnYW50YW4/ HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Cookie: SST=AXDMUqDPh1gT_FZ_6OtYxKsCBAbNAAAAAAAAAACY5qPla9FcXVhGMGyLgrQUvIgiKriMs-1AWRgfIejfAgBJC3HpCf8sr1jKpIwW9s0p-vf3ixSeBz1sC3w3MLX-d4nBxQa1e9O1iBBVGeuFcg
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36
Host: example.com:443

Logout response

The server responds by sending a 307 response, redirecting to the redirect URI provided in the post_logout_redirect_uri parameter of the logout request. If a state value was provided with the logout request, then it will be appended to the redirect URI.

Example response:

HTTP/1.1 307 Temporary Redirect
Date: Mon, 13 Jun 2016 15:07:54 GMT
Location: https://example.com/callback&state=TWFpcyBvw7kgc29udCBsZXMgbmVpZ2VzIGQnYW50YW4/
Set-Cookie: SST=AXDMUqDPh1gT_FZ_6OtYxKsCBAbNAAAAAAAAAACY5qPla9FcXVhGMGyLgrQUvIgiKriMs-1AWRgfIejfAgBJC3HpCf8sr1jKpIwW9s0p-vf3ixSeBz1sC3w3MLX-d4nBxQa1e9O1iBBVGeuFcg;Version=1;Path=/;Max-Age=0;Secure;HttpOnly;Expires=Mon, 13 Jun 2016 14:07:54 GMT
Cache-Control: no-store
Pragma: no-cache
Content-Length: 0