# OIDC Logout

> Log out a user using the OIDC-compliant logout endpoint and optionally redirect to a post-logout URI.

## Endpoint

`GET /oidc/logout`

Use this endpoint to log out a user. To send the user to a specific URL after logout, set that URL in the `post_logout_redirect_uri` parameter. The URL should be included in the appropriate `Allowed Logout URLs` list:

* If the `id_token_hint` parameter is included:
  * When the `client_id` parameter is included, the server uses the URL from the `aud` claim in the `id_token_hint` to select which of the `Allowed Logout URLs` to use from the application specified by the `client_id`.
  * When the `client_id` parameter is NOT included, the server uses the URL from the `aud` claim in the `id_token_hint` to select which of the `Allowed Logout URLs` at the tenant level to use.
* If the `id_token_hint` parameter is not included:
  * If the `client_id` parameter is included, the `post_logout_redirect_uri` URL must be listed in the `Allowed Logout URLs` set at the application level.
  * If the `client_id` parameter is NOT included, the `post_logout_redirect_uri` URL must be listed in the `Allowed Logout URLs` set at the tenant level.
  * If the `client_id` parameter is included and the `post_logout_redirect_uri` URL is NOT set, the server returns the user to the first `Allowed Logout URLs` set in Auth0 Dashboard.

To learn more, read [Log Users Out of Auth0 with OIDC Endpoint](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0).

### Remarks

* Logging the user out of their social identity provider is not common practice, so think about the user experience before you use the `federated` query string parameter with social identity providers.
* If providing both `id_token_hint` and `logout_hint`, the `logout_hint` value must match the `sid` claim from the `id_token_hint`.
* If providing both `id_token_hint` and `client_id`, the `client_id` value must match the `aud` claim from the `id_token_hint`.
* If `id_token_hint` is not provided, then the user will be prompted for consent unless a `logout_hint` that matches the user's session ID is provided.
* The `POST` HTTP method is also supported for this request. When using `POST`, the request parameters should be provided in the request body as form parameters instead of the query string. The `federated` parameter requires a value of `true` or `false`.
* This conforms to the [OIDC RP-initiated Logout Specification](https://openid.net/specs/openid-connect-rpinitiated-1_0.html).

### Learn More

* [Logout](https://auth0.com/docs/authenticate/login/logout)
* [Use the OIDC Endpoint to Log Users Out of Auth0](https://auth0.com/docs/authenticate/login/logout/log-users-out-of-auth0)
* [OIDC RP-initiated Logout Specification](https://openid.net/specs/openid-connect-rpinitiated-1_0.html)

## Query Parameters

<ParamField query="id_token_hint" type="string">
  \[Recommended] Previously issued ID Token for the user. This is used to indicate which user to log out.
</ParamField>

<ParamField query="logout_hint" type="string">
  Optional `sid` (session ID) value to indicate which user to log out. Should be provided when `id_token_hint` is not available.
</ParamField>

<ParamField query="post_logout_redirect_uri" type="string">
  URL to redirect the user to after logout.
</ParamField>

<ParamField query="client_id" type="string">
  The `client_id` of your application.
</ParamField>

<ParamField query="federated" type="string">
  Add this query string parameter to log the user out of their identity provider: `https://YOUR_DOMAIN/oidc/logout?federated`.
</ParamField>

<ParamField query="state" type="string">
  An opaque value the application adds to the initial request that the authorization server includes when redirecting back to the `post_logout_redirect_uri`.
</ParamField>

<ParamField query="ui_locales" type="string">
  Space-delimited list of locales used to constrain the language list for the request. The first locale on the list must match the enabled locale in your tenant.
</ParamField>
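
The matching rules from Remarks and the `state` round trip can be checked on the application side before and after the redirect. The following is an added example, not Auth0's code: the function names, `tenant.example.com`, `app123` and the sample token are constructed for illustration, and the claims are read without signature verification because this is only a pre-flight check (the authorization server performs the authoritative validation).

```python
import base64
import hmac
import json
from urllib.parse import parse_qs, urlencode, urlsplit

def jwt_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (pre-flight only)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def build_logout_url(domain, *, id_token_hint=None, client_id=None,
                     logout_hint=None, post_logout_redirect_uri=None, state=None):
    """Build a GET /oidc/logout URL, rejecting hint combinations that must match."""
    if id_token_hint:
        claims = jwt_claims(id_token_hint)
        aud = claims.get("aud")
        audiences = aud if isinstance(aud, list) else [aud]  # aud may be an array
        if client_id and client_id not in audiences:
            raise ValueError("client_id does not match aud of id_token_hint")
        if logout_hint and logout_hint != claims.get("sid"):
            raise ValueError("logout_hint does not match sid of id_token_hint")
    params = {"id_token_hint": id_token_hint, "logout_hint": logout_hint,
              "client_id": client_id, "state": state,
              "post_logout_redirect_uri": post_logout_redirect_uri}
    query = urlencode({k: v for k, v in params.items() if v})
    return f"https://{domain}/oidc/logout?{query}"

def state_matches(expected, callback_url):
    """Constant-time check of the state echoed to post_logout_redirect_uri."""
    received = parse_qs(urlsplit(callback_url).query).get("state", [""])[0]
    return hmac.compare_digest(expected.encode(), received.encode())

def b64url(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def sample_id_token(claims):
    """Constructed token with a dummy signature; not a real Auth0 ID Token."""
    return f"{b64url({'alg': 'RS256'})}.{b64url(claims)}.constructed-signature"

if __name__ == "__main__":
    token = sample_id_token({"aud": "app123", "sid": "sess-abc"})
    print(build_logout_url("tenant.example.com", id_token_hint=token, client_id="app123",
                           post_logout_redirect_uri="https://app.example.com/bye", state="xyz"))
```

Generate a fresh random `state` per logout request and store it in the user's session so that `state_matches` has something unpredictable to compare against.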

## Response Messages

| Status | Description                                              |
| ------ | -------------------------------------------------------- |
| 200    | Successfully logged out                                  |
| 400    | Bad request, possibly due to missing required parameters |
