End OpenID Connect session on CyberArk Identity

The client can request the "/endsession" API to end the user session on the CyberArk Identity as below:

POST {tenant_url} /OAuth2/EndSession/{application_id}?post_logout_redirect_uri={post_logout_ur}&state={state} &id_token_hint={id_token}

Post logout from the CyberArk Identity, the user can be redirected to the specified post logout URI.

State parameter can be optionally sent in the end session request. This parameter is returned as the query parameter in the post-logout URI; hence, the RP can use this parameter to validate the response.

❗️

Early access features

• The post logout URI is an optional parameter and, if sent, must be present in the list of authorized post logout URIs added on the OIDC app on the admin portal.
• The user's ID token must be passed in the end session request. CyberArk Identity validates the ID token before ending the session.

👍

Integrate endsession endpoint using CyberArk Identity SDKs

CyberArk Identity provides SDKs to integrate end session endpoint into your applications.

• Android SDK: https://identity-developer.cyberark.com/docs/logout-client-session-from-the-browser

• iOS SDK: https://identity-developer.cyberark.com/docs/integrate-logout-functionality-into-the-app