The Logout endpoints enable the RP-initiated logout functionality for users in your application. Refer to Single Logout section for more details on how to handle RP-initiated or IdP-initiated logout.
Please note that the Logout feature is only available for Custom Open ID connections that provide
specific logout features. These features include the presence of the revocation_endpoint and end_session_endpoint
in the discovery document.
You should call this endpoint from your server to generate a logout token which is required for the Logout Redirect endpoint.
curl --request POST \ --url https://auth.workos.com/sso/logout/authorize \ --header "Authorization: Bearer sk_example_123456789" \ -d profile_id="prof_01GWQ1G0H2FM6ASEF0HS13HCW9304kg03g"
POST/ssoParameters Returns objectLogout allows to sign out a user from your application by triggering the identity provider sign out flow.
This GET endpoint should be a redirection, since the identity provider user will be identified in the browser session.
Before redirecting to this endpoint, you need to generate a short-lived logout token using the Logout Authorize endpoint.
curl --request GET \ --url https://auth.workos.com/sso/logout? \ token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJwcm9maWxlX2lkIjoicHJvZl8wMUdXUTFHMEgyRk02QVNFRjBIUzEzSENXOS0zMDRrZzAzZyIsImV4cCI6IjE1MTYyMzkwMjIifQ.Wru9Qlnf5DpohtGCKhZU4cVOd3zpiu7QQ-XEX--5A_4
GET/ssoParameters