PingOne Platform APIs

Signoff

GET {{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}

Use GET /{{envID}}/as/signoff?id_token_hint={{idToken}} to initiate user logout. The Cookie request header specifies the current session token.

The request URL includes the optional parameter id_token_hint specifying the ID token passed to the logout endpoint as a hint about the user’s current authenticated session. Refer to Get an ID Token in our Workflow Library for instructions to get an ID token.

The application identified by the ID token must exist, and must not be disabled. The user identified by the ID token must be the user identified by the current session.

The id_token_hint value is validated as follows:

  • It must be signed by an application identified in the aud claim.

  • The iss claim must match the authorization server URL used for the /signoff request:

    • If a custom domain is used (the URL is https://+<custom domain="">/as/signoff), the iss claim must be https://<custom domain="">/as.</custom></custom>

    • The region specified in the URL (https://auth.pingone.[tld]/{envId}/as/signoff), must be https://auth.pingone.[tld]/{envID}/as in the iss claim.

The id_token_hint value can be used even if it has expired.

For more information about PingOne SSO sessions and sign off, refer to Sessions.

Query parameters

Refer to OpenID Connect/OAuth 2 for complete property descriptions.

Parameter Type Required?

id_token_hint

String

Optional

post_logout_redirect_uri

String

Optional

state

String

Optional

For the user to be redirected successfully, post_logout_redirect_uri and state must have a combined value of less than 8192 characters.

Headers

Cookie      {{sessionToken}}

Example Request

  • cURL

  • C#

  • Go

  • HTTP

  • Java

  • jQuery

  • NodeJS

  • Python

  • PHP

  • Ruby

  • Swift

curl --location --globoff '{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}' \
--header 'Cookie: {{sessionToken}}'
var options = new RestClientOptions("{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}")
{
  MaxTimeout = -1,
};
var client = new RestClient(options);
var request = new RestRequest("", Method.Get);
request.AddHeader("Cookie", "{{sessionToken}}");
RestResponse response = await client.ExecuteAsync(request);
Console.WriteLine(response.Content);
package main

import (
  "fmt"
  "net/http"
  "io"
)

func main() {

  url := "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}"
  method := "GET"

  client := &http.Client {
  }
  req, err := http.NewRequest(method, url, nil)

  if err != nil {
    fmt.Println(err)
    return
  }
  req.Header.Add("Cookie", "{{sessionToken}}")

  res, err := client.Do(req)
  if err != nil {
    fmt.Println(err)
    return
  }
  defer res.Body.Close()

  body, err := io.ReadAll(res.Body)
  if err != nil {
    fmt.Println(err)
    return
  }
  fmt.Println(string(body))
}
GET /{{envID}}/as/signoff?id_token_hint={{idToken}} HTTP/1.1
Host: {{authPath}}
Cookie: {{sessionToken}}
OkHttpClient client = new OkHttpClient().newBuilder()
  .build();
MediaType mediaType = MediaType.parse("text/plain");
RequestBody body = RequestBody.create(mediaType, "");
Request request = new Request.Builder()
  .url("{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}")
  .method("GET", body)
  .addHeader("Cookie", "{{sessionToken}}")
  .build();
Response response = client.newCall(request).execute();
var settings = {
  "url": "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}",
  "method": "GET",
  "timeout": 0,
  "headers": {
    "Cookie": "{{sessionToken}}"
  },
};

$.ajax(settings).done(function (response) {
  console.log(response);
});
var request = require('request');
var options = {
  'method': 'GET',
  'url': '{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}',
  'headers': {
    'Cookie': '{{sessionToken}}'
  }
};
request(options, function (error, response) {
  if (error) throw new Error(error);
  console.log(response.body);
});
import requests

url = "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}"

payload = {}
headers = {
  'Cookie': '{{sessionToken}}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)
<?php
require_once 'HTTP/Request2.php';
$request = new HTTP_Request2();
$request->setUrl('{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}');
$request->setMethod(HTTP_Request2::METHOD_GET);
$request->setConfig(array(
  'follow_redirects' => TRUE
));
$request->setHeader(array(
  'Cookie' => '{{sessionToken}}'
));
try {
  $response = $request->send();
  if ($response->getStatus() == 200) {
    echo $response->getBody();
  }
  else {
    echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' .
    $response->getReasonPhrase();
  }
}
catch(HTTP_Request2_Exception $e) {
  echo 'Error: ' . $e->getMessage();
}
require "uri"
require "net/http"

url = URI("{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}")

http = Net::HTTP.new(url.host, url.port);
request = Net::HTTP::Get.new(url)
request["Cookie"] = "{{sessionToken}}"

response = http.request(request)
puts response.read_body
var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}")!,timeoutInterval: Double.infinity)
request.addValue("{{sessionToken}}", forHTTPHeaderField: "Cookie")

request.httpMethod = "GET"

let task = URLSession.shared.dataTask(with: request) { data, response, error in
  guard let data = data else {
    print(String(describing: error))
    return
  }
  print(String(data: data, encoding: .utf8)!)
}

task.resume()

Example Response

302 Moved Temporarily