Logging out users
This endpoint only applies to applications that have requested the openid scope.
The Yoco authorization server supports RP-Initiated Logout via the /oauth2/sessions/logout endpoint.
This endpoint enables you to notify the Yoco authorization server when a user logs out of your application.
Ensure the following conditions have been met:
- You must provide at least one post_logout_redirect_uri when setting up your OAuth 2.0 client. This is the URL to which the user will be redirected after the Yoco authorization server has handled the logout request.
- When the user logs out of your application, you should redirect them to the Yoco authorization server’s logout endpoint with the parameters indicated below:
  - id_token_hint: The ID token of the user who is logging out. This token should be passed as a query parameter.
  - post_logout_redirect_uri: The URL to which the user will be redirected after the logout process is complete. This should match one of the post_logout_redirect_uri values you provided when setting up your OAuth 2.0 client. All parameter values must be properly URL-encoded.
  - state: A state parameter containing a random value used to maintain state between the request and the callback. After the logout process is complete, the Yoco authorization server will include this value in the query params of the redirect URI.
Logout endpoint
Once the user has been logged out of the Yoco authorization server, they will be redirected to the post_logout_redirect_uri you specified in the request.
The query params of the redirect URI will include the state value you provided in the request.