Home Esplora Aiuto
Registrati Accedi
lqb
/
elasticsearch
mirror da https://gitee.com/mirrors/elasticsearch.git
1
0
Forka 0
File Problemi 0 Wiki
Albero (Tree): 442fc1f3b6
Rami (Branch) Tag
elasticsearch
/
docs
/
reference
/
rest-api
/
security
/
oidc-logout-api.asciidoc

oidc-logout-api.asciidoc 2.6 KB
Cronologia Originale

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172 
  1. [role="xpack"]
    2. 

  2. [[security-api-oidc-logout]]
    3. 

  3. === OpenID Connect logout API
    4. 

  4. ++++
    5. 

  5. <titleabbrev>OpenID Connect logout</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. .New API reference
    9. 

  9. [sidebar]
    10. 

  10. --
    11. 

  11. For the most up-to-date API details, refer to {api-es}/group/endpoint-security[Security APIs].
    12. 

  12. --
    13. 

  13. 

  14. Submits a request to invalidate a refresh token and an access token that was
    15. 

  15. generated as a response to a call to `/_security/oidc/authenticate`.
    16. 

  16. 

  17. [[security-api-oidc-logout-request]]
    18. 

  18. ==== {api-request-title}
    19. 

  19. 

  20. `POST /_security/oidc/logout`
    21. 

  21. 

  22. [[security-api-oidc-logout-desc]]
    23. 

  23. ==== {api-description-title}
    24. 

  24. 

  25. If the OpenID Connect authentication realm in {es} is accordingly configured,
    26. 

  26. the response to this call will contain a URI pointing to the End Session
    27. 

  27. Endpoint of the OpenID Connect Provider in order to perform Single Logout.
    28. 

  28. 

  29. {es} exposes all the necessary OpenID Connect related functionality via the
    30. 

  30. OpenID Connect APIs. These APIs are used internally by {kib} in order to provide
    31. 

  31. OpenID Connect based authentication, but can also be used by other, custom web
    32. 

  32. applications or other clients. See also
    33. 

  33. <<security-api-oidc-authenticate,OpenID Connect authenticate API>>
    34. 

  34. and
    35. 

  35. <<security-api-oidc-prepare-authentication,OpenID Connect prepare authentication API>>.
    36. 

  36. 

  37. [[security-api-oidc-logout-request-body]]
    38. 

  38. ==== {api-request-body-title}
    39. 

  39. 

  40. `access_token`::
    41. 

  41.   (Required, string) The value of the access token to be invalidated as part of the logout.
    42. 

  42. 

  43. `refresh_token`::
    44. 

  44.   (Optional, string) The value of the refresh token to be invalidated as part of the logout.
    45. 

  45. 

  46. 

  47. [[security-api-oidc-logout-example]]
    48. 

  48. ==== {api-examples-title}
    49. 

  49. 

  50. The following example performs logout
    51. 

  51. 

  52. [source,console]
    53. 

  53. --------------------------------------------------
    54. 

  54. POST /_security/oidc/logout
    55. 

  55. {
    56. 

  56.   "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
    57. 

  57.   "refresh_token": "vLBPvmAB6KvwvJZr27cS"
    58. 

  58. }
    59. 

  59. --------------------------------------------------
    60. 

  60. // TEST[catch:request]
    61. 

  61. 

  62. The following example output of the response contains the URI pointing to the
    63. 

  63. End Session Endpoint of the OpenID Connect Provider with all the parameters of
    64. 

  64. the Logout Request, as HTTP GET parameters:
    65. 

  65. 

  66. [source,js]
    67. 

  67. --------------------------------------------------
    68. 

  68. {
    69. 

  69.   "redirect" : "https://op-provider.org/logout?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout&state=lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO"
    70. 

  70. }
    71. 

  71. --------------------------------------------------
    72. 

  72. // NOTCONSOLE
    73.