@quent I understand your position, and we appreciate the feedback.

Can you please create a github issue linking to this forum post and with as much detail as you can provide (including, perhaps, sample logout urls provided by IdPs you are interested in)?

https://github.com/fusionauth/fusionauth-issues/issues

@syed-muneeb

Can you provide a bit more context about what you are trying to accomplish, the errors you are seeing, and other procedural steps?

This may enable us to better assist.

Thanks,
Josh
FusionAuth

Yea, that flexibility would be ideal IMO, although the registeredLogoutURLs should be workable for us at this point. FWIW that is actually the behavior I assumed before digging into the docs. I'll definitely add the issue to GitHub, as I think it's probably part of the path to getting OIDC Certification which appears to already have an issue.

Thanks!

@dan said in logout questions:

've got a question about logout.
When logging in using the /oauth2/token route with the auth wordle code grant, it seems the /api/logout route does not revoke the refresh token.
Is intended? Is the best way to log out in this case is with the /ouath2/logout route? How does that know which user to log out? there's no user id or refresh token property in the body.

Regarding user identification during logout, the OAuth 2.0 specification doesn't define a standard logout endpoint. Logout processes are often application-specific, and the mechanism to identify the user being logged out might depend on the authentication framework or technology being used.

You can use the post_logout_redirect_uri query parameter on the logout endpoint to configure where a user ends up after logout.

More here: https://fusionauth.io/docs/v1/tech/oauth/endpoints