What does the Cognito Logout endpoint (/logout) actually do?

0

The documentation says:

The /logout endpoint signs the user out

and

This example clears the existing session ...

GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?
client_id=ad398u21ijw3s9w3939&
logout_uri=https://myclient/logout

What does this mean? Does the logout endpoint invalidate refresh tokens / id tokens / access tokens for the user sending the request?

I don't think it could because the client_id refers only to App Client ID, not an individual user. It doesn't seem that the endpoint would even know what user the request is associated with.

So what does the /logout endpoint actually do?

1 Respuesta
0

Log out only invalidates the session.

You can call the global sign out , this signs out users from all devices. It also invalidates all refresh tokens that Amazon Cognito has issued to a user.

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html

Alternatively : If you want to invalidate the refresh token then the /oauth2/revoke endpoint revokes all of the access tokens that the specified refresh token generated. This is a POST hence this would be a custom signout flow since the log out only supports HTTPS GET

https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html

profile pictureAWS
respondido hace 2 años

No has iniciado sesión. Iniciar sesión para publicar una respuesta.

Una buena respuesta responde claramente a la pregunta, proporciona comentarios constructivos y fomenta el crecimiento profesional en la persona que hace la pregunta.

Pautas para responder preguntas