The GET /{environmentId}/as/signoff endpoint is called to initiate end user logout. The Cookie request header specifies the current session token.

The request URL includes the id_token_hint parameter, which is a required attribute that specifies the ID token passed to the logout endpoint as a hint about the user’s current authenticated session.

Supported parameters for the signoff request are:

Property Description
id_token_hint A string that specifies the previously issued ID token, which is used to indicate the identity of the user, which is passed to the logout endpoint as a hint about the user’s current authenticated session with the client.
post_logout_redirect_uri A string that specifies an optional parameter that specifies the URL to which the browser is redirected after a logout has been performed.
state A string that specifies an optional parameter that is used to maintain state between the logout request and the callback to the endpoint specified by the post_logout_redirect_uri query parameter.

The signature of ID token provided in the id_token_hint attribute must be verified. The application identified by the ID token must exist and must not be disabled. The user identified by the ID token must be the user identified by the current session.

If a post_logout_redirect_uri parameter is provided and it does not match one of the postLogoutRedirectUri values of any application in the specified environment, this condition is handled as an un-redirectable error.