End Session Endpoint

The End Session (/connect/endsession) endpoint allows a client to log the user out at the identity provider by ending their authenticated session, optionally redirecting the user back to a post-logout URL once the session is cleared.

The endpoint is designed to be run in the browser, not directly from a back-end service.

URI

https://idp.contoso.com/dppassivests/connect/endsession

End Session Request

Sample request

GET /dppassivests/connect/endsession?id_token_hint=<ID_token>&post_logout_redirect_uri=https://app.company.com/logout&state=5AD840C8-A06D-4BA3-8DE4-E2672A718341 HTTP/1.1
Host: idp.contoso.com

Where:

Parameter                   Description
[id_token_hint]             A valid ID token to log out.
[post_logout_redirect_uri]  One of the registered post-logout URIs. A link with the specified URL will be displayed on the logout page.
[state]                     A value provided by the client to maintain request integrity and prevent CSRF attacks. This value will be sent back to the client if post_logout_redirect_uri is specified.

End Session Response

Sample response

GET /logout?state=5AD840C8-A06D-4BA3-8DE4-E2672A718341 HTTP/1.1
Host: app.company.com
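
The request and response above seen from the client application's side, as an added example (not code from the product or from this documentation): it builds the end-session URL with a fresh state value and checks the state that comes back on post_logout_redirect_uri. The function names and the dict used as a session store are assumptions.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Sample endpoint and post-logout URI taken from this page.
END_SESSION_ENDPOINT = "https://idp.contoso.com/dppassivests/connect/endsession"
POST_LOGOUT_REDIRECT_URI = "https://app.company.com/logout"


def build_logout_request(id_token, session):
    """Return the end-session URL and remember a fresh state in the session.

    `session` is a hypothetical per-user, server-side session store (a dict here).
    """
    state = secrets.token_urlsafe(32)  # unguessable, bound to this session
    session["logout_state"] = state
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": POST_LOGOUT_REDIRECT_URI,
        "state": state,
    })
    return f"{END_SESSION_ENDPOINT}?{query}"


def handle_post_logout(callback_url, session):
    """Return True only if the returned state matches the one we issued."""
    expected = session.pop("logout_state", None)  # single use: replays fail
    returned = parse_qs(urlsplit(callback_url).query).get("state", [])
    if expected is None or len(returned) != 1:
        return False  # nothing pending, or state missing/duplicated
    return hmac.compare_digest(returned[0].encode(), expected.encode())


if __name__ == "__main__":
    session = {}
    url = build_logout_request("<ID_token>", session)  # constructed placeholder
    print("redirect browser to:", url)
    good = f"{POST_LOGOUT_REDIRECT_URI}?state={session['logout_state']}"
    print("genuine callback accepted:", handle_post_logout(good, session))
    print("replayed callback accepted:", handle_post_logout(good, session))
```

A callback that fails the check should be treated as unsolicited: show a neutral page rather than acting on it.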