OpenID Connect RP-Initiated Logout
⚠️ UNDER DEVELOPMENT: This feature is under development and not ready for production use. Please use only for testing.
Please note that the base address for this API is the Momentum Login security service.
Logout
OpenID Connect RP-initiated logout is supported; see OpenID Connect RP-Initiated Logout 1.0 for details.
Start the logout flow by redirecting the user agent to the logout endpoint.
Example:
POST https://domain/login/api/auth/oauth2/logout?id_token_hint=eyJhbGciOiJ...GjLN&post_logout_redirect_uri=https%3A%2F%2Flocalhost%3A5000%2Fexplorer%2Foauth2-redirect.html&state=Af5ea334....
When the logout completes, it is synchronized to all Momentum applications, typically within a few seconds. This disables use of all access tokens issued to the token tree bound to the initial authentication.
Name | Description |
---|---|
post_logout_redirect_uri | Optional, Recommended. Return address that the user agent is redirected to when logout completes or fails. The return address must be absolute. The API removes the fragment component of the address and the query parameter error, if present. An address with the scheme http is not allowed; use https or a custom scheme. The return address must be registered in Momentum Fastighet, menu System / Säkerhet / Applikationer. |
id_token_hint | Optional, Required when post_logout_redirect_uri is provided. ID token previously issued to the client, used as a hint about the user's session to log out. Our implementation requires an id_token_hint when post_logout_redirect_uri is provided. The token must be issued by our API. Expired tokens are accepted. Tokens issued to currently revoked or removed applications are not accepted. |
state | Optional. Used by the caller to maintain state between the logout request and the callback endpoint specified by the post_logout_redirect_uri. If included, this parameter is appended to the post_logout_redirect_uri parameter when redirecting the user back to the caller. |
client_id | Optional, Recommended. Client id of the calling application. When provided, the id_token_hint must be a token issued for the given client_id. |
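
The following is an added example, not code from Momentum: a client-side helper that applies the parameter rules in the table before building the logout request, and checks the returned state on the callback. The host `login.example.test`, the function names and the sample values are assumptions made for illustration.

```python
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed host; the path is the one shown in the example request above.
LOGOUT_ENDPOINT = "https://login.example.test/login/api/auth/oauth2/logout"


def normalize_return_address(uri):
    """Apply the documented return-address rules before sending the request."""
    parts = urlsplit(uri)
    if not parts.scheme or not (parts.netloc or parts.path):
        raise ValueError("post_logout_redirect_uri must be absolute")
    if parts.scheme.lower() == "http":
        raise ValueError("http is not allowed; use https or a custom scheme")
    # The API drops the fragment and any 'error' query parameter; do the same
    # locally so the value sent matches where the user agent is returned to.
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
             if k != "error"]
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), ""))


def build_logout_url(id_token_hint=None, post_logout_redirect_uri=None,
                     client_id=None, state=None):
    """Return (url, state); the caller stores state in the user's session."""
    params = {}
    if post_logout_redirect_uri is not None:
        if not id_token_hint:
            raise ValueError("id_token_hint is required with post_logout_redirect_uri")
        params["post_logout_redirect_uri"] = normalize_return_address(
            post_logout_redirect_uri)
        # Unguessable per-request value so the callback can be tied to this request.
        state = state or secrets.token_urlsafe(32)
        params["state"] = state
    if id_token_hint:
        params["id_token_hint"] = id_token_hint
    if client_id:
        params["client_id"] = client_id
    query = urlencode(params)
    return LOGOUT_ENDPOINT + ("?" + query if query else ""), state


def callback_state_matches(callback_url, expected_state):
    """True only when the callback carries exactly the state that was sent."""
    returned = dict(parse_qsl(urlsplit(callback_url).query)).get("state", "")
    return bool(expected_state) and hmac.compare_digest(
        returned.encode(), expected_state.encode())
```

Rejecting a callback whose state does not match the stored value keeps the post-logout page from acting on a redirect that this client did not start.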