Skip to content
Introducing the next era of Duende IdentityServer. Read our CEO’s announcement

OIDC Client Logout

The OidcClient library supports OpenID Connect logout, allowing you to end the user’s session at the identity provider. Like login, logout can be performed in automatic or manual mode.

If you’ve configured an IBrowser implementation, you can use LogoutAsync for automatic logout:

var result = await client.LogoutAsync();
if (result.IsError)
{
Console.WriteLine($"Logout error: {result.Error}");
}

You can pass a LogoutRequest to customize the logout behavior:

var result = await client.LogoutAsync(new LogoutRequest
{
IdTokenHint = loginResult.IdentityToken,
BrowserDisplayMode = DisplayMode.Hidden,
BrowserTimeout = 30
});
PropertyTypeDescription
IdTokenHintstringThe identity token to hint to the IdP which session to end
StatestringOptional state parameter for the logout request
BrowserDisplayModeDisplayModeControls browser visibility (Visible or Hidden)
BrowserTimeoutintTimeout in seconds for the browser interaction

For manual mode, use PrepareLogoutAsync to generate the logout URL:

var logoutUrl = await client.PrepareLogoutAsync(new LogoutRequest
{
IdTokenHint = loginResult.IdentityToken
});
// Navigate the browser to logoutUrl manually
// Handle the callback at PostLogoutRedirectUri

The method returns the fully-formed end session endpoint URL. After navigating the browser to this URL, the identity provider will end the session and redirect back to your configured PostLogoutRedirectUri.

The LogoutResult class inherits from Result and provides:

PropertyTypeDescription
IsErrorboolWhether the logout resulted in an error
ErrorstringThe error code if an error occurred
ErrorDescriptionstringHuman-readable error description
ResponsestringThe raw response from the logout endpoint

Ensure your OidcClientOptions includes the post-logout redirect URI:

var options = new OidcClientOptions
{
Authority = "https://demo.duendesoftware.com",
ClientId = "native",
RedirectUri = "app://callback",
PostLogoutRedirectUri = "app://logout-callback",
Scope = "openid profile",
Browser = new SystemBrowser()
};