github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-25 23:57:20 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/rest-api/security/oidc-logout-api.asciidoc
James Rodewig 255c9a7f95
[DOCS] Move x-pack docs to docs/reference dir (#99209) 
**Problem:**
For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. 

**Solution:**
- Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory
- Update doc snippet tests to use security

Rel: https://github.com/elastic/platform-docs-team/issues/208
2023-09-12 14:53:41 -04:00

66 lines
2.5 KiB
Text
Raw Blame History

[role="xpack"]
[[security-api-oidc-logout]]
=== OpenID Connect logout API
++++
<titleabbrev>OpenID Connect logout</titleabbrev>
++++
Submits a request to invalidate a refresh token and an access token that was
generated as a response to a call to `/_security/oidc/authenticate`.
[[security-api-oidc-logout-request]]
==== {api-request-title}
`POST /_security/oidc/logout`
[[security-api-oidc-logout-desc]]
==== {api-description-title}
If the OpenID Connect authentication realm in {es} is accordingly configured,
the response to this call will contain a URI pointing to the End Session
Endpoint of the OpenID Connect Provider in order to perform Single Logout.
{es} exposes all the necessary OpenID Connect related functionality via the
OpenID Connect APIs. These APIs are used internally by {kib} in order to provide
OpenID Connect based authentication, but can also be used by other, custom web
applications or other clients. See also
<<security-api-oidc-authenticate,OpenID Connect authenticate API>>
and
<<security-api-oidc-prepare-authentication,OpenID Connect prepare authentication API>>.
[[security-api-oidc-logout-request-body]]
==== {api-request-body-title}
`access_token`::
(Required, string) The value of the access token to be invalidated as part of the logout.
`refresh_token`::
(Optional, string) The value of the refresh token to be invalidated as part of the logout.
[[security-api-oidc-logout-example]]
==== {api-examples-title}
The following example performs logout
[source,console]
--------------------------------------------------
POST /_security/oidc/logout
{
"token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
"refresh_token": "vLBPvmAB6KvwvJZr27cS"
}
--------------------------------------------------
// TEST[catch:request]
The following example output of the response contains the URI pointing to the
End Session Endpoint of the OpenID Connect Provider with all the parameters of
the Logout Request, as HTTP GET parameters:
[source,js]
--------------------------------------------------
{
"redirect" : "https://op-provider.org/logout?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout&state=lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO"
}
--------------------------------------------------
// NOTCONSOLE
Reference in a new issue View git blame Copy permalink