Topics tagged with logout

Logout with multiple subdomains

blanfordkerry — Invalid Date

@mark-robustelli said in Logout with multiple subdomains:

@ext_figuvini after reading your post again, I think I read it differently. The way the SSO logout works is that on logout, FusionAuth calls all the logout urls for each applications. It would seem that you are correct in that creating an application for each subdomain makes sense and would work. (You can create applications through the API so you should be able to automate this.) Can you try this for a few domains and confirm it works?

Your point is correct. Creating a separate application for each subdomain is a reasonable and correct solution.
When a user logs out of the SSO system, FusionAuth will call the logout URLs defined in each configured application in turn. This allows each application to clean up its own session. Pretty good solution

Identity provider logout

dan — Invalid Date

@quent I understand your position, and we appreciate the feedback.

Can you please create a github issue linking to this forum post and with as much detail as you can provide (including, perhaps, sample logout urls provided by IdPs you are interested in)?

https://github.com/fusionauth/fusionauth-issues/issues

Apple Sign in Provider , Logout

joshua — Invalid Date

@syed-muneeb

Can you provide a bit more context about what you are trying to accomplish, the errors you are seeing, and other procedural steps?

This may enable us to better assist.

Thanks,
Josh
FusionAuth

Clarification on OAuth/OIDC logout endpoint

Moonshine — Invalid Date

Yea, that flexibility would be ideal IMO, although the registeredLogoutURLs should be workable for us at this point. FWIW that is actually the behavior I assumed before digging into the docs. I'll definitely add the issue to GitHub, as I think it's probably part of the path to getting OIDC Certification which appears to already have an issue.

Thanks!

logout questions

bekeanloinse — Invalid Date

@dan said in logout questions:

've got a question about logout.
When logging in using the /oauth2/token route with the auth wordle code grant, it seems the /api/logout route does not revoke the refresh token.
Is intended? Is the best way to log out in this case is with the /ouath2/logout route? How does that know which user to log out? there's no user id or refresh token property in the body.

Regarding user identification during logout, the OAuth 2.0 specification doesn't define a standard logout endpoint. Logout processes are often application-specific, and the mechanism to identify the user being logged out might depend on the authentication framework or technology being used.

Is there a way to have a user who logs out of an application go back to wherever they started from at login?

dan — Invalid Date

You can use the post_logout_redirect_uri query parameter on the logout endpoint to configure where a user ends up after logout.

More here: https://fusionauth.io/docs/v1/tech/oauth/endpoints