Skip to main content
Version: v2.0 (latest)

Logout and Token Revocation

OIDC Web supports standard token revocation and logout.

Token Revocation

Revoke a token (RFC 7009) at the revocation endpoint:

curl -s -X POST "$BASE/oidc/v1/token/revoke" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d token=<access_token> \
-d client_id=$CLIENT_ID \
-d client_secret=<client_secret>

Logout

OIDC Web exposes a logout endpoint ($BASE/oidc/v1/logout). For clients configured with logout URIs, OIDC Web supports front-channel and back-channel logout notifications. Configure these URIs at registration time (see Registering Your Application).