See openid-connect Menu


This endpoint is based on the OpenId Connect RP Initiated Logout specification.

Use this logout endpoint to terminate a OneLogin session and revoke all tokens that were issued under that session.

Note that logout will not only revoke the tokens for the OIDC client (based on the id_token_hint provided) that you specify in the request but also the tokens for any other OIDC apps that had tokens issued under the same SSO session.

Resource URL


Resource Parameter




Set to the subdomain of your OneLogin instance.

e.g. oidc-sample where the instance is

Request Parameter



Optional. The uri to redirect to after the logout is sucessfully completed. This uri must be an exact match to the Post Logout Redirect Uri that is defined for the OIDC app via OneLogin Admin UI or API.

When omitted the logout will redirect to the standard OneLogin portal login page.



Required when `post_logout_redirect_uri` is used.

The JWT ID Token that was previously issued by OneLogin for the user that you want to logout.



Defaults to `true`.

Indicates if the OneLogin SSO session should be terminated as part of the logout. When this is set to `false` only the logout will only revoke the related tokens.



A free text value that can be used to maintain flow. It will be passed back to the uri defined as the `post_logout_redirect_uri`.

Sample Response

Sample Code

Replace sample values indicated by < > with your actual values then paste into your browser window.


Postman Collection

Replace sample variables indicated by {{ }} with your actual values.

Download for the OpenId Connect API

Have a Question?

Have a how-to question? Seeing a weird error? Ask us about it on StackOverflow.

Found a bug? Submit a support ticket.

Have a product idea or request? Share it with us in our Ideas Portal.