From ffc7cb7f4a65b7d141941257a61f449ad7c97265 Mon Sep 17 00:00:00 2001 From: amanda-vanscoy_atko Date: Fri, 31 Jan 2025 13:28:24 -0500 Subject: [PATCH 1/7] UL Logout endpoint update --- articles/api/authentication/_logout.md | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index 83c418f019..163d767229 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -175,3 +175,21 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo ### Learn More - [Logout](/logout) - [Log Users Out of SAML Identity Providers](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-saml-idps) + +## Universal Logout +<%= include('../../_includes/_http-method', { + "http_badge": "badge-primary", + "http_method": "GET", + "path": "oauth/global-token-revocation/connection/{ConnectionName}", + "link": "#logout" +}) %> +Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https://developer.okta.com/docs/guides/oin-universal-logout-overview/) and OpenID Connect, or SAML enterprise connections to log users out of your applications. To learn more, read [Universal Logout](https://auth0.com/docs/authenticate/login/logout/universal-logout). + +### Request Parameters +| Parameter | Description | +| : -- | : -- | +| `iss_sub` | Issuer URI from Okta Workforce Identity Cloud.| + +### Remarks +- A request to this endpoint revokes sessions cookies and refresh tokens, but not access tokens. +- You must authenticate at the endpoint before revoking user sessions. Review [Endpoint Authentication](https://developer.okta.com/docs/guides/oin-universal-logout-overview/#endpoint-authentication). \ No newline at end of file From cc1e7cf056e70ecfb0c130f6ca721d62976aa465 Mon Sep 17 00:00:00 2001 From: amanda-vanscoy_atko Date: Fri, 31 Jan 2025 13:35:39 -0500 Subject: [PATCH 2/7] Update _logout.md --- articles/api/authentication/_logout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index 163d767229..767125a97e 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -179,7 +179,7 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo ## Universal Logout <%= include('../../_includes/_http-method', { "http_badge": "badge-primary", - "http_method": "GET", + "http_method": "POST", "path": "oauth/global-token-revocation/connection/{ConnectionName}", "link": "#logout" }) %> From 18e97075a390cf5d50c880ccd169b5fc4bdcac3a Mon Sep 17 00:00:00 2001 From: amanda-vanscoy Date: Tue, 4 Feb 2025 10:23:49 -0500 Subject: [PATCH 3/7] testing verification --- articles/api/authentication/_logout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index 767125a97e..59a525476b 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -183,7 +183,7 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo "path": "oauth/global-token-revocation/connection/{ConnectionName}", "link": "#logout" }) %> -Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https://developer.okta.com/docs/guides/oin-universal-logout-overview/) and OpenID Connect, or SAML enterprise connections to log users out of your applications. To learn more, read [Universal Logout](https://auth0.com/docs/authenticate/login/logout/universal-logout). +Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https://developer.okta.com/docs/guides/oin-universal-logout-overview/), OpenID Connect, or SAML enterprise connections to log users out of your applications. To learn more, read [Universal Logout](https://auth0.com/docs/authenticate/login/logout/universal-logout). ### Request Parameters | Parameter | Description | From c2f71277f468e9d222cf1ee9e74af7a61adda0d3 Mon Sep 17 00:00:00 2001 From: Amanda VS Date: Wed, 5 Feb 2025 15:57:37 -0500 Subject: [PATCH 4/7] Update articles/api/authentication/_logout.md Co-authored-by: Adam Mcgrath --- articles/api/authentication/_logout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index 59a525476b..35bc687404 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -176,7 +176,7 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo - [Logout](/logout) - [Log Users Out of SAML Identity Providers](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-saml-idps) -## Universal Logout +## Global Token Revocation <%= include('../../_includes/_http-method', { "http_badge": "badge-primary", "http_method": "POST", From 55c4a751cee61ca049f73ff45cfe2cf64b9f2472 Mon Sep 17 00:00:00 2001 From: Amanda VS Date: Wed, 5 Feb 2025 15:58:59 -0500 Subject: [PATCH 5/7] Update articles/api/authentication/_logout.md Co-authored-by: Adam Mcgrath --- articles/api/authentication/_logout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index 35bc687404..ab046f95dd 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -180,7 +180,7 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo <%= include('../../_includes/_http-method', { "http_badge": "badge-primary", "http_method": "POST", - "path": "oauth/global-token-revocation/connection/{ConnectionName}", + "path": "/oauth/global-token-revocation/connection/{ConnectionName}", "link": "#logout" }) %> Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https://developer.okta.com/docs/guides/oin-universal-logout-overview/), OpenID Connect, or SAML enterprise connections to log users out of your applications. To learn more, read [Universal Logout](https://auth0.com/docs/authenticate/login/logout/universal-logout). From 684cb7af768eb991f680de91333c83ca4acfbdd7 Mon Sep 17 00:00:00 2001 From: Amanda VS Date: Wed, 5 Feb 2025 15:59:42 -0500 Subject: [PATCH 6/7] Update articles/api/authentication/_logout.md Co-authored-by: Adam Mcgrath --- articles/api/authentication/_logout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index ab046f95dd..5e5e0a32ed 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -183,7 +183,7 @@ Logout behavior is determined by the configuration of the SAML2 Web App addon fo "path": "/oauth/global-token-revocation/connection/{ConnectionName}", "link": "#logout" }) %> -Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https://developer.okta.com/docs/guides/oin-universal-logout-overview/), OpenID Connect, or SAML enterprise connections to log users out of your applications. To learn more, read [Universal Logout](https://auth0.com/docs/authenticate/login/logout/universal-logout). +Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https://developer.okta.com/docs/guides/oin-universal-logout-overview/) to log users out of your applications. To learn more, read [Universal Logout](https://auth0.com/docs/authenticate/login/logout/universal-logout). ### Request Parameters | Parameter | Description | From d895888759890cfbd033bf23782d9a53fcfbde03 Mon Sep 17 00:00:00 2001 From: Amanda VS Date: Wed, 5 Feb 2025 16:00:14 -0500 Subject: [PATCH 7/7] Update articles/api/authentication/_logout.md Co-authored-by: Adam Mcgrath --- articles/api/authentication/_logout.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/articles/api/authentication/_logout.md b/articles/api/authentication/_logout.md index 5e5e0a32ed..3148ab4fa7 100644 --- a/articles/api/authentication/_logout.md +++ b/articles/api/authentication/_logout.md @@ -188,7 +188,7 @@ Use this endpoint with [Okta Workforce Identity Cloud's Universal Logout](https: ### Request Parameters | Parameter | Description | | : -- | : -- | -| `iss_sub` | Issuer URI from Okta Workforce Identity Cloud.| +| `subject` | `{ "format": "iss_sub", "iss": "https://issuer.example.com/", "sub": "145234573" }` | ### Remarks - A request to this endpoint revokes sessions cookies and refresh tokens, but not access tokens.