Implement sign-out
The application must direct the user’s browser to the sign-out URL, passing the user’s id_token_hint, post_logout_redirect_uri, and state parameters in the call to log a user out.
Trimble Identity will validate that the provided ID Token matches the currently signed in user. After the sign-out request, the browser will redirect the user to the redirect URL provided. A state parameter will be appended if the value was included in the initial request. If no sign-out redirect URL is provided, the default is to redirect to the Identity sign-in page.
To implement sign-out functionality for Identity v4, use the endpoint, which can be discovered in the OpenID well-known configuration endpoint.
Example of the sign-out URL format
https://id.trimble.com/oauth/logout?id_token_hint={id_token_hint}&post_logout_redirect_uri={post_logout_redirect_uri}&state={state}where:
- id_token_hint - This is the ID Token that is obtained as part of the sign-in flow. It is returned in the /authorize response for Authorization Code or Authorization Code with PKCE grants if id_token was included in the request.
- post_logout_redirect_uri - This value is optional and must match the logout_uri defined for the application. End-users will be sent to this URL when the sign-out is completed.
- state - This value is optional and allows you to restore the previous state of your application. This value is similar in purpose to the state parameter in the OAuth protocol.
Logging a user out will not revoke any tokens that have already been issued; they are valid until they expire.