Chris Gillum edited this page Aug 7, 2017 · 1 revision

Logout

Clients can initiate a logout by sending a GET request to the app's /.auth/logout endpoint.

GET /.auth/logout

Logging out does the following:

  1. Clears authentication cookies from the current session.
  2. Deletes the current user's tokens from the token store.
  3. Performs a server-side logout on the identity provider, if supported.

The two providers that support server-side logout are Azure Active Directory and Google.

Post-Logout Redirection

By default, a successful logout will redirect the client to the /.auth/logout/done URL, which looks like the following:

[Image: Logout Completed]

You can change the post-logout landing page by adding the post_logout_redirect_uri query string parameter to the /.auth/logout URL. Both fully-qualified and relative URLs are supported, though relative URLs are recommended. It is also recommended to URL-encode the post_logout_redirect_uri value, but it is not always required.

GET /.auth/logout?post_logout_redirect_uri=/index.html

When using fully-qualified URLs, the URL must either be hosted in the same domain or must be in the Allowed External Redirect URLs list in the Azure Portal's Authentication / Authorization blade.

GET /.auth/logout?post_logout_redirect_uri=https%3A%2F%2Fmyexternalurl.com

[Image: Allowed External Redirect URLs]

If an external domain is not in this list, the post-logout redirect location will be ignored and a warning will be written to the application logs.
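The redirect rules above can also be applied on the client before the logout link is built, so that an untrusted "return to" value never reaches /.auth/logout. The following is an added example, not code from this wiki or from App Service; APP_ORIGIN, the contents of ALLOWED_EXTERNAL, and the function name buildLogoutUrl are assumptions, and exact origin matching is an assumed rule because the page does not state how the platform compares URLs.

```javascript
// Added example, not code from the wiki. APP_ORIGIN and the contents of
// ALLOWED_EXTERNAL are constructed values standing in for your own app.
const APP_ORIGIN = "https://myapp.example.net";
const ALLOWED_EXTERNAL = ["https://myexternalurl.com"]; // mirror of the portal list
const LOGOUT = "/.auth/logout";

// Returns a logout URL. An unapproved redirect target is dropped, which
// leaves the default /.auth/logout/done landing page in effect.
function buildLogoutUrl(redirect, appOrigin = APP_ORIGIN, allowed = ALLOWED_EXTERNAL) {
  if (!redirect) return LOGOUT;
  // Always URL-encode the value, as the page recommends.
  const withRedirect =
    LOGOUT + "?post_logout_redirect_uri=" + encodeURIComponent(redirect);

  // Root-relative path (the recommended form). "//host" and "/\host" are
  // not paths: browsers resolve them to another host, so they fall through
  // to the absolute-URL check, where they fail to parse and are dropped.
  if (redirect.startsWith("/") && !redirect.startsWith("//") &&
      !redirect.startsWith("/\\")) {
    return withRedirect;
  }

  let target;
  try {
    target = new URL(redirect); // fully-qualified URLs only
  } catch {
    return LOGOUT;
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") return LOGOUT;

  // Assumption: same-domain and allow-list checks compare exact origins.
  const ok = target.origin === appOrigin ||
    allowed.some((u) => new URL(u).origin === target.origin);
  return ok ? withRedirect : LOGOUT;
}
```
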

Examples

An HTML snippet can be used to create a logout link within a webpage. Here is a simple example:

<a href="/.auth/logout">Logout</a>