Эхлэл Бүгдийг харах Тусламж
Бүртгүүлэх Нэвтрэх
lqb
/
elasticsearch
-ын хуулбар https://gitee.com/mirrors/elasticsearch.git
1
0
Салаа 0
Файлууд Асуудлууд 0 Мэдлэгийн сан
Мод: 442fc1f3b6
Салаанууд Тагууд
elasticsearch
/
docs
/
reference
/
rest-api
/
security
/
oidc-logout-api.asciidoc

oidc-logout-api.asciidoc 2.6 KB
Түүх Анхны өгөгдөл

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. [role="xpack"]
    2. 

  2. [[security-api-oidc-logout]]
    3. 

  3. === OpenID Connect logout API
    4. 

  4. ++++
    5. 

  5. <titleabbrev>OpenID Connect logout</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. .New API reference
    9. 

  9. [sidebar]
    10. 

  10. --
    11. 

  11. For the most up-to-date API details, refer to {api-es}/group/endpoint-security[Security APIs].
    12. 

  12. --
    13. 

  13. 

  14. Submits a request to invalidate a refresh token and an access token that was
    15. 

  15. generated as a response to a call to `/_security/oidc/authenticate`.
    16. 

  16. 

  17. [[security-api-oidc-logout-request]]
    18. 

  18. ==== {api-request-title}
    19. 

  19. 

  20. `POST /_security/oidc/logout`
    21. 

  21. 

  22. [[security-api-oidc-logout-desc]]
    23. 

  23. ==== {api-description-title}
    24. 

  24. 

  25. If the OpenID Connect authentication realm in {es} is accordingly configured,
    26. 

  26. the response to this call will contain a URI pointing to the End Session
    27. 

  27. Endpoint of the OpenID Connect Provider in order to perform Single Logout.
    28. 

  28. 

  29. {es} exposes all the necessary OpenID Connect related functionality via the
    30. 

  30. OpenID Connect APIs. These APIs are used internally by {kib} in order to provide
    31. 

  31. OpenID Connect based authentication, but can also be used by other, custom web
    32. 

  32. applications or other clients. See also
    33. 

  33. <<security-api-oidc-authenticate,OpenID Connect authenticate API>>
    34. 

  34. and
    35. 

  35. <<security-api-oidc-prepare-authentication,OpenID Connect prepare authentication API>>.
    36. 

  36. 

  37. [[security-api-oidc-logout-request-body]]
    38. 

  38. ==== {api-request-body-title}
    39. 

  39. 

  40. `access_token`::
    41. 

  41.   (Required, string) The value of the access token to be invalidated as part of the logout.
    42. 

  42. 

  43. `refresh_token`::
    44. 

  44.   (Optional, string) The value of the refresh token to be invalidated as part of the logout.
    45. 

  45. 

  46. 

  47. [[security-api-oidc-logout-example]]
    48. 

  48. ==== {api-examples-title}
    49. 

  49. 

  50. The following example performs logout
    51. 

  51. 

  52. [source,console]
    53. 

  53. --------------------------------------------------
    54. 

  54. POST /_security/oidc/logout
    55. 

  55. {
    56. 

  56.   "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
    57. 

  57.   "refresh_token": "vLBPvmAB6KvwvJZr27cS"
    58. 

  58. }
    59. 

  59. --------------------------------------------------
    60. 

  60. // TEST[catch:request]
    61. 

  61. 

  62. The following example output of the response contains the URI pointing to the
    63. 

  63. End Session Endpoint of the OpenID Connect Provider with all the parameters of
    64. 

  64. the Logout Request, as HTTP GET parameters:
    65. 

  65. 

  66. [source,js]
    67. 

  67. --------------------------------------------------
    68. 

  68. {
    69. 

  69.   "redirect" : "https://op-provider.org/logout?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout&state=lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO"
    70. 

  70. }
    71. 

  71. --------------------------------------------------
    72. 

  72. // NOTCONSOLE
    73.