Startsida Utforska Hjälp
Logga in
lqb
/
elasticsearch
spegling av https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Filer Ärenden 0 Wiki
Träd: 79d6c3e70d
Grenar Taggar
elasticsearch
/
docs
/
reference
/
rest-api
/
security
/
oidc-logout-api.asciidoc

oidc-logout-api.asciidoc 2.5 KB
Historik

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 
  1. [role="xpack"]
    2. 

  2. [[security-api-oidc-logout]]
    3. 

  3. === OpenID Connect logout API
    4. 

  4. ++++
    5. 

  5. <titleabbrev>OpenID Connect logout</titleabbrev>
    6. 

  6. ++++
    7. 

  7. 

  8. Submits a request to invalidate a refresh token and an access token that was
    9. 

  9. generated as a response to a call to `/_security/oidc/authenticate`.
    10. 

  10. 

  11. [[security-api-oidc-logout-request]]
    12. 

  12. ==== {api-request-title}
    13. 

  13. 

  14. `POST /_security/oidc/logout`
    15. 

  15. 

  16. [[security-api-oidc-logout-desc]]
    17. 

  17. ==== {api-description-title}
    18. 

  18. 

  19. If the OpenID Connect authentication realm in {es} is accordingly configured,
    20. 

  20. the response to this call will contain a URI pointing to the End Session
    21. 

  21. Endpoint of the OpenID Connect Provider in order to perform Single Logout.
    22. 

  22. 

  23. {es} exposes all the necessary OpenID Connect related functionality via the
    24. 

  24. OpenID Connect APIs. These APIs are used internally by {kib} in order to provide
    25. 

  25. OpenID Connect based authentication, but can also be used by other, custom web
    26. 

  26. applications or other clients. See also
    27. 

  27. <<security-api-oidc-authenticate,OpenID Connect authenticate API>>
    28. 

  28. and
    29. 

  29. <<security-api-oidc-prepare-authentication,OpenID Connect prepare authentication API>>.
    30. 

  30. 

  31. [[security-api-oidc-logout-request-body]]
    32. 

  32. ==== {api-request-body-title}
    33. 

  33. 

  34. `access_token`::
    35. 

  35.   (Required, string) The value of the access token to be invalidated as part of the logout.
    36. 

  36. 

  37. `refresh_token`::
    38. 

  38.   (Optional, string) The value of the refresh token to be invalidated as part of the logout.
    39. 

  39. 

  40. 

  41. [[security-api-oidc-logout-example]]
    42. 

  42. ==== {api-examples-title}
    43. 

  43. 

  44. The following example performs logout
    45. 

  45. 

  46. [source,console]
    47. 

  47. --------------------------------------------------
    48. 

  48. POST /_security/oidc/logout
    49. 

  49. {
    50. 

  50.   "token" : "dGhpcyBpcyBub3QgYSByZWFsIHRva2VuIGJ1dCBpdCBpcyBvbmx5IHRlc3QgZGF0YS4gZG8gbm90IHRyeSB0byByZWFkIHRva2VuIQ==",
    51. 

  51.   "refresh_token": "vLBPvmAB6KvwvJZr27cS"
    52. 

  52. }
    53. 

  53. --------------------------------------------------
    54. 

  54. // TEST[catch:request]
    55. 

  55. 

  56. The following example output of the response contains the URI pointing to the
    57. 

  57. End Session Endpoint of the OpenID Connect Provider with all the parameters of
    58. 

  58. the Logout Request, as HTTP GET parameters:
    59. 

  59. 

  60. [source,js]
    61. 

  61. --------------------------------------------------
    62. 

  62. {
    63. 

  63.   "redirect" : "https://op-provider.org/logout?id_token_hint=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c&post_logout_redirect_uri=http%3A%2F%2Foidc-kibana.elastic.co%2Floggedout&state=lGYK0EcSLjqH6pkT5EVZjC6eIW5YCGgywj2sxROO"
    64. 

  64. }
    65. 

  65. --------------------------------------------------
    66. 

  66. // NOTCONSOLE
    67.