What does the Cognito Logout endpoint (/logout) actually do?


The documentation says:

The /logout endpoint signs the user out


This example clears the existing session ...

GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?

What does this mean? Does the logout endpoint invalidate refresh tokens / id tokens / access tokens for the user sending the request?

I don't think it could because the client_id refers only to App Client ID, not an individual user. It doesn't seem that the endpoint would even know what user the request is associated with.

So what does the /logout endpoint actually do?

1 Answer

Log out only invalidates the session.

You can call the global sign out , this signs out users from all devices. It also invalidates all refresh tokens that Amazon Cognito has issued to a user.


Alternatively : If you want to invalidate the refresh token then the /oauth2/revoke endpoint revokes all of the access tokens that the specified refresh token generated. This is a POST hence this would be a custom signout flow since the log out only supports HTTPS GET


profile pictureAWS
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions