FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    How to best log out a user? By using `/api/logout` or the `/oauth2/logout?`

    Scheduled Pinned Locked Moved
    Q&A
    0
    2
    3.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • joshuaJ
      joshua
      last edited by

      How to best log out a user? By using /api/logout or the /oauth2/logout?

      1 Reply Last reply Reply Quote 0
      • joshuaJ
        joshua
        last edited by

        If managing your own session (not OAuth)

        Documentation Link

        If you are not using the FusionAuth SSO, then you will manage the user session and state in your application.

        Within this self-managed context, the Logout API /api/logout is only useful if you are using the Login API within the context of a browser. In this case, the Logout API will return a response HTTP header to tell the browser to delete the cookies written by the Login API.

        In other words, depending on your configuration/setup/specifics, there may be more work to do within your self-managed SSO to completely log the user out.

        If not managing your own session (one example would be to follow OAuth)

        Documentation Link

        If you are following OAuth, then you will hit the endpoint provided in the above doc link (currently /oauth2/logout).

        This logout endpoint provides a mechanism to invalidate the user’s session held by FusionAuth, this effectively logs the user out of FusionAuth.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post