sid) and associate it with the user sessions it creates. We recommend production applications use durable session storage.
sid during the logout process without using client-side cookies. Cookies exist within the browser and are inaccessible to the logout callback endpoint.
/.well-known/* metadata endpoint to determine if your application meets the requirements.
API Operation Event in Auth0 tenant logs. To learn more, read Logs.
sid and, optionally, sub claims after the ID token is validated.
sid value.
HTTP POST requests.
logout_token parameter and validate it as a regular JWT according to the spec.
http://schemas.openid.net/event/backchannel-logout.
sid and/or sub claims.
nonce claim. This is required to prevent abuse by distinguishing the Logout Token from the ID token.
sid and/or sub value and terminate it. The exact application session termination process depends on the implementation details. For example, this event may need to be communicated to the front-end.
sslo for oidc_backchannel_logout_succeeded or fslo for oidc_backchannel_logout_failed.
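The Logout Token claim checks and the cookie-less session lookup described above, as an added Python example that is not Auth0's own code. It assumes a JWT library has already verified the token's signature, issuer, audience and expiry; SessionStore, check_logout_claims and handle_backchannel_logout are hypothetical names, and the in-memory store stands in for durable session storage.

```python
# Added example. Assumes a JWT library has already verified the logout_token's
# signature, issuer, audience and expiry; `claims` is its decoded payload.
BACKCHANNEL_EVENT = "http://schemas.openid.net/event/backchannel-logout"

class LogoutTokenError(ValueError):
    """The token is not an acceptable Logout Token."""

class SessionStore:
    """Hypothetical in-memory stand-in for durable server-side session storage."""

    def __init__(self):
        self._sessions = {}  # app session id -> {"sid": ..., "sub": ...}

    def create(self, session_id, id_claims):
        # Keep sid (and sub) from the validated ID token next to the app session.
        self._sessions[session_id] = {"sid": id_claims["sid"], "sub": id_claims.get("sub")}

    def terminate(self, sid, sub):
        # Example policy: sid ends that one session; sub alone ends all of the user's.
        key, value = ("sid", sid) if sid else ("sub", sub)
        doomed = sorted(k for k, s in self._sessions.items() if s[key] == value)
        for k in doomed:
            del self._sessions[k]
        return doomed

    def active(self):
        return sorted(self._sessions)

def check_logout_claims(claims):
    """Return (sid, sub) if the claims describe a Logout Token, else raise."""
    events = claims.get("events")
    if not isinstance(events, dict) or not isinstance(events.get(BACKCHANNEL_EVENT), dict):
        raise LogoutTokenError("events claim lacks the back-channel logout member")
    if "nonce" in claims:
        raise LogoutTokenError("nonce present: token looks like an ID token")
    sid, sub = claims.get("sid"), claims.get("sub")
    sid = sid if isinstance(sid, str) and sid else None
    sub = sub if isinstance(sub, str) and sub else None
    if sid is None and sub is None:
        raise LogoutTokenError("neither sid nor sub present")
    return sid, sub

def handle_backchannel_logout(claims, store):
    """Called from the HTTP POST callback; no browser cookies are involved."""
    sid, sub = check_logout_claims(claims)
    return store.terminate(sid, sub)
```

A rejected token leaves every session untouched, so a replayed ID token (which carries nonce) cannot be used to force a logout.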