Logging out users
This endpoint only applies to applications that have requested the openid scope.
The Yoco authorization server supports RP-Initiated Logout via the /oauth2/sessions/logout endpoint.
This endpoint enables you to notify the Yoco authorization server when a user logs out of your application.
Ensure the following conditions have been met:
- You must provide at least one post_logout_redirect_uri when setting up your OAuth 2.0 client. This is the URL to which the user will be redirected after the Yoco authorization server has handled the logout request.
- When the user logs out of your application, you should redirect them to the Yoco authorization server's logout endpoint with the parameters indicated below:
  - id_token_hint: The ID token of the user who is logging out. This token should be passed as a query parameter.
  - post_logout_redirect_uri: The URL to which the user will be redirected after the logout process is complete. This should match one of the post_logout_redirect_uri values you provided when setting up your OAuth 2.0 client. All parameter values must be properly URL-encoded.
  - state: A state parameter containing a random value used to maintain state between the request and the callback. After the logout process is complete, the Yoco authorization server will include this value in the query params of the redirect URI.
Logout endpoint
Once the user has been logged out of the Yoco authorization server, they will be redirected to the post_logout_redirect_uri you specified in the request. The query params of the redirect URI will include the state value you provided in the request.
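The following is an added example, not Yoco's own code: it builds the logout redirect with the three parameters described above and checks the state value that comes back on the post-logout redirect. The authorization server host, the registered redirect URI and the function names are placeholders assumed for illustration; only the /oauth2/sessions/logout path and the parameter names come from this page.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Placeholder host: the page gives only the path, not the server's base URL.
AUTH_SERVER = "https://auth.example.invalid"
LOGOUT_PATH = "/oauth2/sessions/logout"  # path as given on the page

# Assumed: URIs registered for this OAuth 2.0 client (constructed value).
REGISTERED_LOGOUT_URIS = {"https://app.example.invalid/logged-out"}


def build_logout_request(id_token, post_logout_redirect_uri):
    """Return (url, state). Keep state server-side, tied to the user's session."""
    # Refuse anything not registered, so caller-supplied input cannot pick
    # the destination of the post-logout redirect.
    if post_logout_redirect_uri not in REGISTERED_LOGOUT_URIS:
        raise ValueError("post_logout_redirect_uri is not registered")
    state = secrets.token_urlsafe(32)  # unpredictable, used for one logout only
    query = urlencode({  # urlencode percent-encodes every parameter value
        "id_token_hint": id_token,
        "post_logout_redirect_uri": post_logout_redirect_uri,
        "state": state,
    })
    return f"{AUTH_SERVER}{LOGOUT_PATH}?{query}", state


def logout_callback_is_valid(callback_url, expected_state):
    """Check the state returned in the query params of the redirect URI."""
    values = parse_qs(urlsplit(callback_url).query).get("state", [])
    if len(values) != 1 or not expected_state:
        return False  # missing, duplicated, or nothing stored to compare with
    # Constant-time comparison of the returned and stored values.
    return hmac.compare_digest(values[0].encode(), expected_state.encode())
```

Discard the stored state after the first callback check so a replayed redirect no longer validates.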