What does the Cognito Logout endpoint (/logout) actually do?

0

The documentation says:

The /logout endpoint signs the user out

and

This example clears the existing session ...

GET https://mydomain.auth.us-east-1.amazoncognito.com/logout?
client_id=ad398u21ijw3s9w3939&
logout_uri=https://myclient/logout

What does this mean? Does the logout endpoint invalidate refresh tokens / id tokens / access tokens for the user sending the request?

I don't think it could because the client_id refers only to App Client ID, not an individual user. It doesn't seem that the endpoint would even know what user the request is associated with.

So what does the /logout endpoint actually do?

1 Answer
0

Log out only invalidates the session.

You can call the global sign out; this signs out users from all devices. It also invalidates all refresh tokens that Amazon Cognito has issued to a user.

https://docs.aws.amazon.com/cognito-user-identity-pools/latest/APIReference/API_GlobalSignOut.html

Alternatively: if you want to invalidate the refresh token, then the /oauth2/revoke endpoint revokes all of the access tokens that the specified refresh token generated. This is a POST, hence this would be a custom signout flow, since the log out only supports HTTPS GET.

https://docs.aws.amazon.com/cognito/latest/developerguide/revocation-endpoint.html

AWS
answered 2 years ago
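
The custom sign-out flow the answer describes, as an added example (not part of the original answer and not AWS code): it builds the POST to /oauth2/revoke, which carries the refresh token, and then the GET /logout URL, which carries none. The domain and client ID are the ones in the question; the function names, the refresh token and the client secret are constructed for illustration.

```python
import base64
import urllib.parse
import urllib.request

# Domain and app client ID as shown in the question.
DOMAIN = "https://mydomain.auth.us-east-1.amazoncognito.com"
CLIENT_ID = "ad398u21ijw3s9w3939"


def build_revoke_request(refresh_token, client_id=CLIENT_ID, client_secret=None):
    """POST /oauth2/revoke: the refresh token in the body names what to revoke."""
    form = {"token": refresh_token}
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    if client_secret is None:
        # App client without a secret: client_id travels in the form body.
        form["client_id"] = client_id
    else:
        # App client with a secret: HTTP Basic auth, client_id:client_secret.
        creds = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(creds).decode()
    return urllib.request.Request(
        DOMAIN + "/oauth2/revoke",
        data=urllib.parse.urlencode(form).encode(),
        headers=headers,
        method="POST",
    )


def build_logout_url(logout_uri, client_id=CLIENT_ID):
    """GET /logout: only the app client ID and redirect target, no token."""
    query = urllib.parse.urlencode({"client_id": client_id, "logout_uri": logout_uri})
    return f"{DOMAIN}/logout?{query}"


def sign_out(refresh_token, logout_uri, send=False):
    """Revoke the refresh token first, then return the URL to redirect the browser to."""
    req = build_revoke_request(refresh_token)
    if send:  # off by default so the example runs offline
        with urllib.request.urlopen(req, timeout=10) as resp:
            if resp.status != 200:
                raise RuntimeError(f"revoke failed: HTTP {resp.status}")
    return req, build_logout_url(logout_uri)
```

Revoking before redirecting matters for ordering: once the browser has left for /logout, the client may no longer hold the refresh token it needs to send.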
