• Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login
FusionAuth
  • Home
  • Categories
  • Recent
  • Popular
  • Pricing
  • Contact us
  • Docs
  • Login

Identity provider logout

Scheduled Pinned Locked Moved Solved
Q&A
logout
3
4
2.1k
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • Q
    quent
    last edited by quent 12 Aug 2022, 18:59 8 Dec 2022, 18:58

    Hi,

    I have a fusionauth configured to use an external identity provider.
    My application is logging into fusionauth, which redirect to the identity provider: it works fine.

    Now I wonder how should be the logout workflow ?
    My application calls the fusionauth logout endpoint and it works fine (my user is logged out from my app and from fusionauth), but the user is still logged into the external identity provider ...

    • Shoudn't fusionauth call the external identity provider logout endpoint ?

    Because otherwise, the user is still logged on 😕

    Thank you,
    Quenta

    J 1 Reply Last reply 24 Dec 2022, 00:11 Reply Quote 0
    • J
      joshua @quent
      last edited by 24 Dec 2022, 00:11

      @quent Thanks for the question!

      To note, each IdP will handle logout differently. It would be hard for FusionAuth to know how to log each user out of disparate systems. Killing each user session is specific to that IdP implementation. In the FusionAuth logout process, we will call a logout endpoint of your choosing. In that endpoint, you could have your integration call the IdP to remove the user's session.

      I hope this helps!

      Josh

      Q 1 Reply Last reply 20 Jan 2023, 11:07 Reply Quote 0
      • Q
        quent @joshua
        last edited by 20 Jan 2023, 11:07

        @joshua Thank you for answer
        True, it is still possible to handle that logout.

        Maybe in future Fusionauth could have an additional and optionnal logout endpoint in IdentityProvider settings ...
        I prefer the application not to know much about the IdP, (i.e not calling it directly and not knowing its URLs) and let Fusionauth deal with the authentication/logout workflow.

        Tho, I do understand the answer 🙂

        D 1 Reply Last reply 20 Jan 2023, 14:09 Reply Quote 0
        • Q quent has marked this topic as solved on 20 Jan 2023, 11:08
        • D
          dan @quent
          last edited by 20 Jan 2023, 14:09

          @quent I understand your position, and we appreciate the feedback.

          Can you please create a github issue linking to this forum post and with as much detail as you can provide (including, perhaps, sample logout urls provided by IdPs you are interested in)?

          https://github.com/fusionauth/fusionauth-issues/issues

          --
          FusionAuth - Auth for devs, built by devs.
          https://fusionauth.io

          1 Reply Last reply Reply Quote 0
          • First post
            Last post