--- title: Signoff description: Use GET /{{envID}}/as/signoff?id_token_hint={{idToken}} to initiate user logout. The Cookie request header specifies the current session token. component: pingone-api page_id: pingone-api:auth:openid-connect-oauth-2/signoff canonical_url: https://developer.pingidentity.com/pingone-api/auth/openid-connect-oauth-2/signoff.html section_ids: headers: Headers example-request: Example Request example-response: Example Response --- # Signoff ## ```none GET {{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}} ``` Use `GET /{{envID}}/as/signoff?id_token_hint={{idToken}}` to initiate user logout. The `Cookie` request header specifies the current session token. The request URL includes the optional parameter `id_token_hint` specifying the ID token passed to the logout endpoint as a hint about the user's current authenticated session. The application identified by the ID token must exist, and must not be disabled. The user identified by the ID token must be the user identified by the current session. The `id_token_hint` value is validated as follows: * It must be signed by an application identified in the `aud` claim. * The `iss` claim must match the authorization server URL used for the /signoff request: * If a custom domain is used (the URL is https\://+\/as/signoff), the `iss` claim must be `https:///as`.\\ * The geographic domain specified in the URL (https\://auth.pingone.\[tld]/{envId}/as/signoff), must be `https://auth.pingone.[tld]/{envID}/as` in the `iss` claim. | | | | - | ------------------------------------------------------------- | | | The `id_token_hint` value can be used even if it has expired. | For more information about PingOne SSO sessions and sign off, refer to [Sessions](../../platform/sessions.html). > **Collapse: Query parameters** > > Refer to [OpenID Connect/OAuth 2](../openid-connect-oauth-2.html) for complete property descriptions. > > | Parameter | Type | Required? | > | -------------------------- | ------ | --------- | > | `id_token_hint` | String | Optional | > | `post_logout_redirect_uri` | String | Optional | > | `state` | String | Optional | > > For the user to be redirected successfully, `post_logout_redirect_uri` and `state` must have a combined value of less than 8192 characters. ### Headers Cookie      {{sessionToken}} ## ### Example Request * cURL * C# * Go * HTTP * Java * jQuery * NodeJS * Python * PHP * Ruby * Swift ```shell curl --location --globoff '{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}' \ --header 'Cookie: {{sessionToken}}' ``` ```csharp var options = new RestClientOptions("{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}") { MaxTimeout = -1, }; var client = new RestClient(options); var request = new RestRequest("", Method.Get); request.AddHeader("Cookie", "{{sessionToken}}"); RestResponse response = await client.ExecuteAsync(request); Console.WriteLine(response.Content); ``` ```golang package main import ( "fmt" "net/http" "io" ) func main() { url := "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}" method := "GET" client := &http.Client { } req, err := http.NewRequest(method, url, nil) if err != nil { fmt.Println(err) return } req.Header.Add("Cookie", "{{sessionToken}}") res, err := client.Do(req) if err != nil { fmt.Println(err) return } defer res.Body.Close() body, err := io.ReadAll(res.Body) if err != nil { fmt.Println(err) return } fmt.Println(string(body)) } ``` ```http GET /{{envID}}/as/signoff?id_token_hint={{idToken}} HTTP/1.1 Host: {{authPath}} Cookie: {{sessionToken}} ``` ```java OkHttpClient client = new OkHttpClient().newBuilder() .build(); MediaType mediaType = MediaType.parse("text/plain"); RequestBody body = RequestBody.create(mediaType, ""); Request request = new Request.Builder() .url("{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}") .method("GET", body) .addHeader("Cookie", "{{sessionToken}}") .build(); Response response = client.newCall(request).execute(); ``` ```javascript var settings = { "url": "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}", "method": "GET", "timeout": 0, "headers": { "Cookie": "{{sessionToken}}" }, }; $.ajax(settings).done(function (response) { console.log(response); }); ``` ```javascript var request = require('request'); var options = { 'method': 'GET', 'url': '{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}', 'headers': { 'Cookie': '{{sessionToken}}' } }; request(options, function (error, response) { if (error) throw new Error(error); console.log(response.body); }); ``` ```python import requests url = "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}" payload = {} headers = { 'Cookie': '{{sessionToken}}' } response = requests.request("GET", url, headers=headers, data=payload) print(response.text) ``` ```php setUrl('{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}'); $request->setMethod(HTTP_Request2::METHOD_GET); $request->setConfig(array( 'follow_redirects' => TRUE )); $request->setHeader(array( 'Cookie' => '{{sessionToken}}' )); try { $response = $request->send(); if ($response->getStatus() == 200) { echo $response->getBody(); } else { echo 'Unexpected HTTP status: ' . $response->getStatus() . ' ' . $response->getReasonPhrase(); } } catch(HTTP_Request2_Exception $e) { echo 'Error: ' . $e->getMessage(); } ``` ```ruby require "uri" require "net/http" url = URI("{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}") http = Net::HTTP.new(url.host, url.port); request = Net::HTTP::Get.new(url) request["Cookie"] = "{{sessionToken}}" response = http.request(request) puts response.read_body ``` ```swift var request = URLRequest(url: URL(string: "{{authPath}}/{{envID}}/as/signoff?id_token_hint={{idToken}}")!,timeoutInterval: Double.infinity) request.addValue("{{sessionToken}}", forHTTPHeaderField: "Cookie") request.httpMethod = "GET" let task = URLSession.shared.dataTask(with: request) { data, response, error in guard let data = data else { print(String(describing: error)) return } print(String(data: data, encoding: .utf8)!) } task.resume() ``` ### Example Response 302 Moved Temporarily