How to best log out a user? By using `/api/logout` or the `/oauth2/logout`?
-
If managing your own session (not OAuth)
If you are not using the FusionAuth SSO, then you will manage the user session and state in your application.
Within this self-managed context, the Logout API `/api/logout` is only useful if you are using the Login API within the context of a browser. In this case, the Logout API will return a response HTTP header to tell the browser to delete the cookies written by the Login API.
In other words, depending on your configuration/setup/specifics, there may be more work to do within your self-managed SSO to completely log the user out.
If not managing your own session (one example would be to follow OAuth)
If you are following OAuth, then you will hit the endpoint provided in the above doc link (currently `/oauth2/logout`). This logout endpoint provides a mechanism to invalidate the user’s session held by FusionAuth; this effectively logs the user out of FusionAuth.
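The two cases described above, as an added example that is not part of the original post or FusionAuth's own code. The cookie name, the in-memory session store, the hostnames and the client id are assumptions; `client_id` and `post_logout_redirect_uri` are the query parameters FusionAuth documents for `/oauth2/logout`.

```javascript
// Hypothetical name of the cookie your own application issues for its session.
const SESSION_COOKIE = "app_session";

// Self-managed session: the application owns the state, so a complete logout
// must (1) delete the server-side record and (2) expire the app's own cookie.
// /api/logout only tells the browser to delete cookies written by the Login API.
function logoutSelfManaged(sessionStore, sessionId) {
  const existed = sessionStore.delete(sessionId); // server-side invalidation
  return {
    existed,
    headers: {
      "Set-Cookie": `${SESSION_COOKIE}=; Path=/; Max-Age=0; HttpOnly; Secure; SameSite=Lax`,
      "Cache-Control": "no-store",
    },
  };
}

// OAuth / FusionAuth SSO: redirect the browser to /oauth2/logout so FusionAuth
// invalidates the session it holds, then sends the user back to the app.
function oauthLogoutRedirect(fusionAuthBase, clientId, postLogoutRedirectUri) {
  const url = new URL("/oauth2/logout", fusionAuthBase);
  url.searchParams.set("client_id", clientId);
  url.searchParams.set("post_logout_redirect_uri", postLogoutRedirectUri);
  return { status: 302, headers: { Location: url.toString() } };
}

// Constructed sample data: one active session and placeholder identifiers.
const sessions = new Map([["s-123", { userId: "u-1" }]]);
const selfManaged = logoutSelfManaged(sessions, "s-123");
const oauth = oauthLogoutRedirect(
  "https://auth.example.com",
  "CLIENT_ID_PLACEHOLDER",
  "https://app.example.com/"
);
console.log(selfManaged.headers["Set-Cookie"]);
console.log(oauth.headers.Location);
```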