
OpenID Connect

OpenID Connect (OIDC) is a simple identity layer built on top of the OAuth 2.0 protocol. The IdP supports version 1.0 of the specification and conforms to the iGov Profile.

Logout

The IdP supports RP-Initiated Logout, allowing clients to log users out of their current session and redirect them back to the Relying Party. The IdP does not support Single Logout (SLO). The logout action will terminate the user’s session at the IdP but will not end any other potentially active sessions within service provider applications. For example, if a user signs in to applications A and B through the IdP, a logout request from A will end their IdP session, but will not affect the session in application B.

User experience impact:

As per the OIDC spec, the IdP will display a logout confirmation screen to users on logout. Users will need to click a button to complete the logout process. This protects against forged logout request attacks.

If the user does not click the button, they will not be redirected back to your application.

Logout request

To log out a user, send them to the /openid_connect/logout endpoint with the following parameters:


client_id

The unique identifier for the client. This will be registered with the IdP in advance.


post_logout_redirect_uri

The URI the IdP will redirect to after logout. This must also be registered with the IdP in advance.

state (optional)

A unique value at least 22 characters in length used for maintaining state between the request and the callback. This value will be returned to the client on a successful logout as a parameter of state added to the redirect back to the post_logout_redirect_uri.

Logout response

In a successful logout, i.e. the request is valid and the user confirms that they want to log out, the IdP will redirect the user to the provided post_logout_redirect_uri with the state parameter added to the URL. If the request is invalid, the user will be shown an error page. If the user declines to click the button on the confirmation page, they will not be redirected to the post_logout_redirect_uri and there will be no response to your application.
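The logout request and response described above, seen from the relying party, as an added example that is not part of the original page: it builds the logout URL and verifies the state returned on the redirect. The IdP host, client identifier, redirect URI and function names are placeholders; client_id is the parameter name used by the OIDC RP-Initiated Logout specification.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholders (assumptions, not values from the page).
IDP_BASE = "https://idp.example.gov"
CLIENT_ID = "urn:gov:example:openidconnect:sp:app-a"
POST_LOGOUT_REDIRECT_URI = "https://app-a.example.gov/logged-out"


def build_logout_request(session: dict) -> str:
    """Return the URL to send the user to and remember the state server-side."""
    # 32 random bytes encode to 43 URL-safe characters, above the 22 minimum.
    state = secrets.token_urlsafe(32)
    session["logout_state"] = state
    query = urlencode({
        "client_id": CLIENT_ID,
        "post_logout_redirect_uri": POST_LOGOUT_REDIRECT_URI,
        "state": state,
    })
    return f"{IDP_BASE}/openid_connect/logout?{query}"


def handle_logout_callback(session: dict, callback_url: str) -> bool:
    """Validate the redirect that arrives at post_logout_redirect_uri."""
    expected = session.pop("logout_state", None)  # each state is single use
    returned = parse_qs(urlsplit(callback_url).query).get("state", [])
    if expected is None or len(returned) != 1:
        return False
    # Constant-time comparison; bytes so non-ASCII input cannot raise.
    if not hmac.compare_digest(returned[0].encode(), expected.encode()):
        return False
    # The IdP ends only its own session, so the application ends its local one.
    session.clear()
    return True
```

If the user never confirms on the IdP's screen, no callback arrives, so the stored state should expire with the session rather than be kept indefinitely.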