OpenID: use LOGOUT endpoint to completely log off an identity provider

To completely log out of an identity provider, the identity provider's cookies must be cleared from the browser. This can only be done via the LOGOUT endpoint of an identity provider, so when a user requests to log out, not only should the refresh token be cleared, but the LOGOUT endpoint must be called. This is to avoid that users who log out see the ordinary login screen.

1

Comments

0 comments

Please sign in to leave a comment.

Didn't find what you were looking for?

New post