federated query string parameter to the redirect at the /oidc/logout endpoint.
To do this, add a federated query string parameter to the logout URL:
https://{yourDomain}/oidc/logout?federated
Federated logout support
The following identity providers support federated logout:- Evernote
- Fitbit
- GitHub
-
Google
- Apps
- OAuth 2.0
-
Microsoft
- Active Directory Federation Services
- Office 365
- Windows Azure Active Directory
- Windows Live
- Salesforce/Salesforce Sandbox
- X
- Yahoo
- Yammer
Clear application session
The Auth0 Logout endpoint logs you out from Auth0 and, optionally, from your identity provider. It does not log you out of your application! This is something that you must implement on your side. You need to log out the user from your application by clearing their session.Alternative logout
To add federated logout to the alternative logout endpoint, add thefederated query string parameter to the logout URL:
https://{yourDomain}/v2/logout?federated
Alternative logout limitations
- No validation is performed on any URL provided as a value to the
returnToparameter, nor any query string or hash information provided as part of the URL. - The behavior of federated logouts with social providers is inconsistent. Each provider will handle the returnTo parameter differently and for some, it will not work. Please check your social provider’s settings to determine how it will behave.
- If you are working with social identity providers such as Google or Facebook, you must set your and Secret for these providers in the Dashboard for the logout to function properly.
- If you are an Auth0 Enterprise user, you will typically have enabled for multiple applications, for example, SharePoint, a few .NET applications, a few Java applications, Zendesk, etc. In this case, it’s very common that when users sign out, this needs to happen for all of their applications.