Challenge Task: Summarize App Logout, Auth0 Logout, IdP Logout, and Back‑channel Logout.
Post to complete: A 4‑row table: What it ends, How you call it, When to use.
| Logout Type | What it ends | How you call it | When to use |
|---|---|---|---|
| App Logout | Ends the user’s session in the specific application they are using | Have short timeouts on your local session and redirect to Auth0 at short intervals to re-authenticate. This can be done by calling checkSession from the client which does this redirect in a hidden iFrame. If you take the hidden iFrame approach you need to be aware of rate limits and third-party cookie issues. source: Log Users Out of Applications | Used when a user logs out only from a single application |
| Auth0 Logout | Ends the user’s session with Auth0 | To configure RP-Initiated Logout, you must ensure that your application can find the end_session_endpoint parameter in your Auth0 tenant’s discovery metadata document, and that it calls the OIDC Logout endpoint with the necessary parameters. source: Log Users Out of Auth0 with OIDC Endpoint | Signs the user out of the authorization server, requiring them to re-authenticate for subsequent access |
| IdP Logout | Terminates the session directly with the identity provider (like Google or Facebook) | The Auth0 Logout endpoint logs you out from Auth0 and, optionally, from your identity provider. It does not log you out of your application! This is something that you must implement on your side. You need to log out the user from your application by clearing their session. Alternative logout: To add federated logout to the alternative logout endpoint, add the `federated` query string parameter to the logout URL: `https://{yourDomain}/v2/logout?federated` source: Log Users Out of Identity Providers | Signs the user out of the external identity provider. |
| Back-channel Logout | A server-to-server communication method to end sessions across multiple applications without involving the user’s browser directly. | To use Back-Channel Logout, an application must expose a Back-Channel Logout URI, reachable from the tenant server, where the application expects to receive the requests with the Logout Token. When an application receives this request, it is compelled to clear the local session state matching the claims in the token. source: OIDC Back-Channel Logout | Enables a relying party to request the logout of a session without direct browser interaction, suitable for server-to-server communication |
Reply back if I missed any information, or give it a Like.
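To illustrate the Back-channel Logout row above, here is an added example (not part of the original post and not Auth0's own code) of what a Back-Channel Logout URI handler does with the Logout Token before clearing local sessions. The names `validateLogoutToken`, `clearSessions` and the `cfg` shape are hypothetical; it assumes RS256 signing, a tenant public key already fetched from the JWKS endpoint, and leaves out `jti` replay tracking.

```javascript
// Added example: validate an OIDC Back-Channel Logout token, then clear matching sessions.
const nodeCrypto = require('node:crypto');

const LOGOUT_EVENT = 'http://schemas.openid.net/event/backchannel-logout';
const b64urlJson = (part) => JSON.parse(Buffer.from(part, 'base64url').toString('utf8'));

// cfg (assumed shape): { issuer, clientId, publicKey }; publicKey is the tenant
// signing key, obtained out of band from the tenant's JWKS endpoint.
function validateLogoutToken(jwt, cfg, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [h, p, s] = parts;
  // Pin the algorithm: the header must not choose it (rejects "none" and HS256).
  if (b64urlJson(h).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    cfg.publicKey, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');

  const c = b64urlJson(p); // claims are read only after the signature checks out
  if (c.iss !== cfg.issuer) throw new Error('wrong iss');
  const aud = Array.isArray(c.aud) ? c.aud : [c.aud];
  if (!aud.includes(cfg.clientId)) throw new Error('wrong aud');
  if (typeof c.iat !== 'number') throw new Error('missing iat');
  if (typeof c.exp !== 'number' || c.exp <= nowSec) throw new Error('expired');
  if (!c.sub && !c.sid) throw new Error('need sub or sid');
  const ev = c.events && c.events[LOGOUT_EVENT];
  if (ev === null || typeof ev !== 'object') throw new Error('not a logout event');
  // A Logout Token must not carry a nonce, so it cannot be confused with an ID Token.
  if ('nonce' in c) throw new Error('nonce must not be present');
  return c;
}

// sessions: Map of local session id -> { sub, sid }. Returns how many were removed.
// With sid present only that session ends; with sub alone, all of that user's sessions end.
function clearSessions(sessions, claims) {
  let removed = 0;
  for (const [id, s] of sessions) {
    const match = claims.sid ? s.sid === claims.sid : s.sub === claims.sub;
    if (match) { sessions.delete(id); removed++; }
  }
  return removed;
}
```
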