End session
Sign-out
Use this API to log out and end an active login session. The function returns a redirect if a web browser sign-out is needed. If a redirect is returned, the user MUST be redirected to the provided redirect address. A redirect is typically returned when an external identity provider is configured that, for example, requires cookies to be cleared in the browser (e.g. a single sign-on cookie).
On logout, all issued tokens in the token tree are invalidated, starting from the root and recursively including the tokens issued from it. The root is the initial authentication event that occurred when the user entered a username or password, used BankID or similar. The tokens issued from that event include all access tokens, delegated tokens and refresh tokens. Note that the root is chosen regardless of whether you provide an access token lower in the tree on logout. This means that when the Redirect method is used with single sign-on, the single sign-on token is the root created when the user first signed in on that device, perhaps from a different app. A logout will in this case end all sessions that were created using the initial single sign-on token in all applications on that device, not just the session in your application.
If the provided access token has expired or has been invalidated, the request is ignored (an error is not returned).
Request
Example
POST /v2/auth/logout
Authorization: Bearer {accessToken}
{
"returnAddress": "https://localhost/Momentum.Pm.PortalApi.ExampleSite",
"global": false
}
Parameters
Name | Description |
---|---|
returnAddress | Required. Return address that the user agent is redirected to when logout completes. The return address must be absolute. The fragment component of the address is removed (if present) by the API, and the query parameters code and error are removed (if present) by the API. An address with the scheme http is not allowed; use https or a custom scheme. The return address must be registered in Momentum PM under the menu "Inställningar / System". |
global | When true, all sessions of the account are ended. When false, only the current session is ended and the user may continue to work on other devices and applications. Default is false. |
keepSingleSignOn | When false, the user's third-party single sign-on session is ended. When true, the third-party single sign-on session is kept as is and the user can still use the external authentication provider to sign in with a single sign-on experience without manually entering a password or similar. This parameter is ignored when Momentum Login is used as the authentication provider (i.e. when authentication is not delegated to an external third-party identity provider), as Momentum Login always invalidates all single sign-on tokens in the token tree. Default is false. |
Response
Example
If a redirect is needed:
Otherwise an empty response is returned.
Parameters
Name | Description |
---|---|
redirect | Address to redirect the user agent to. |
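The request construction and response handling described above, as an added example that is not the Momentum PM API's own client code. The request fields, the returnAddress rules and the response field redirect are taken from this page; the function names, the sample addresses and the placeholder access token are assumptions.

```python
import json
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode


def normalize_return_address(address: str) -> str:
    """Apply the returnAddress rules stated on the page so a client can fail early:
    absolute only, scheme http rejected, fragment dropped, 'code'/'error' query removed."""
    parts = urlsplit(address)
    if not parts.scheme or not (parts.netloc or parts.path):
        raise ValueError("returnAddress must be absolute")
    if parts.scheme.lower() == "http":
        raise ValueError("scheme http is not allowed; use https or a custom scheme")
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k not in ("code", "error")]
    # Empty fragment component: the API strips it anyway.
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


def build_logout_request(access_token: str, return_address: str,
                         global_logout: bool = False, keep_sso: bool = False):
    """Return (headers, body) for POST /v2/auth/logout. Note that the token tree root
    is invalidated regardless of which access token is presented here."""
    body = {"returnAddress": normalize_return_address(return_address),
            "global": global_logout,
            "keepSingleSignOn": keep_sso}
    headers = {"Authorization": f"Bearer {access_token}",
               "Content-Type": "application/json"}
    return headers, json.dumps(body)


def redirect_target(response_body: str):
    """Return the address the user agent MUST be sent to, or None when the response
    body is empty (no browser sign-out needed)."""
    if not response_body.strip():
        return None
    return json.loads(response_body).get("redirect")


if __name__ == "__main__":
    # Constructed sample values: placeholder token, the page's example return address.
    hdrs, body = build_logout_request("PLACEHOLDER_ACCESS_TOKEN",
                                      "https://localhost/Momentum.Pm.PortalApi.ExampleSite#top")
    print(hdrs, body)
    print(redirect_target('{"redirect": "https://idp.example.test/signout"}'))
    print(redirect_target(""))
```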