Skip to content

Implement sign-out

The application must direct the user’s browser to the sign-out URL, passing the user’s id_token_hint, post_logout_redirect_uri, and state parameters in the call to log a user out.

Trimble Identity will validate that the provided ID Token matches the currently signed in user. After the sign-out request, the browser will redirect the user to the redirect URL provided. A state parameter will be appended if the value was included in the initial request. If no sign-out redirect URL is provided, the default is to redirect to the Identity sign-in page.

To implement sign-out functionality for Identity v4, use the endpoint, which can be discovered in the OpenID well-known configuration endpoint.

Example of the sign-out URL format

https://id.trimble.com/oauth/logout?id_token_hint={id_token_hint}&post_logout_redirect_uri={post_logout_redirect_uri}&state={state}

where:

  • id_token_hint - This is the ID Token that is obtained as part of the sign-in flow. It is returned in the /authorize response for Authorization Code or Authorization Code with PKCE grants if id_token was included in the request.
  • post_logout_redirect_uri - This value is optional and must match the logout_uri defined for the application. End-users will be sent to this URL when the sign-out is completed.
  • state - This value is optional and allows you to restore the previous state of your application. This value is similar in purpose to the state parameter in the OAuth protocol.

Logging a user out will not revoke any tokens that have already been issued; they are valid until they expire.