Sign customers out of Pliro

Notify Pliro when signing customers out of your website.

Last updated 11 months ago

When a customer signs out of your website, you may optionally sign them out of Pliro using the OpenID Connect RP-Initiated Logout mechanism.

You do this by redirecting them to Pliro's end session endpoint:

HTTP/1.1 302 Found
Location: https://example-publication.plirotest.page/oauth/end_session?
  client_id=example-client-id&
  id_token_hint=example-id-token&
  post_logout_redirect_uri=https%3A%2F%2Fexample.com

This endpoint accepts the following query parameters:

  • client_id: Should be set to the client ID shown for your OAuth application in the Pliro dashboard.

  • id_token_hint: Should be set to the ID token received when the customer signed into your website.

  • post_logout_redirect_uri: Should be set to a URI to redirect the customer to, after signing them out of Pliro. If set, this URI must match the URI that is registered for the OAuth application in the Pliro dashboard.

After the customer is signed out of Pliro, they are redirected to the post_logout_redirect_uri.

HTTP/1.1 302 Found
Location: https://example.com

To prevent abuse, a valid id_token_hint is required to automatically sign the customer out of Pliro. If id_token_hint is missing or invalid, the customer will have to confirm signing out.

To prevent unvalidated redirects, Pliro will only redirect the customer to the post_logout_redirect_uri if it corresponds to the post-logout redirect URI registered for the OAuth application identified by client_id or the aud claim in the provided id_token_hint.
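
One way a website could build this redirect on its side, as an added example that is not Pliro's own code. The endpoint, client ID and URIs are the placeholder values from the example request above; the function names and the dict-based session are assumptions made for illustration.

```python
from urllib.parse import urlencode

# Placeholder values copied from the example request on this page.
END_SESSION_ENDPOINT = "https://example-publication.plirotest.page/oauth/end_session"
CLIENT_ID = "example-client-id"
# Must be the post-logout redirect URI registered in the Pliro dashboard.
REGISTERED_POST_LOGOUT_URI = "https://example.com"


def build_end_session_url(id_token=None, post_logout_redirect_uri=REGISTERED_POST_LOGOUT_URI):
    """Return the Location header value for the sign-out redirect to Pliro."""
    # Fail locally instead of forwarding a URI that is not the registered one.
    if post_logout_redirect_uri != REGISTERED_POST_LOGOUT_URI:
        raise ValueError("post_logout_redirect_uri is not the registered URI")
    params = {"client_id": CLIENT_ID}
    # Without an id_token_hint the customer has to confirm signing out,
    # so pass the stored ID token whenever the session still holds one.
    if id_token:
        params["id_token_hint"] = id_token
    params["post_logout_redirect_uri"] = post_logout_redirect_uri
    # urlencode percent-encodes each value (https%3A%2F%2Fexample.com).
    return END_SESSION_ENDPOINT + "?" + urlencode(params)


def sign_out(session):
    """Hypothetical logout handler: end the local session, then redirect to Pliro."""
    # Take the ID token out before wiping the rest of the local session.
    id_token = session.pop("id_token", None)
    session.clear()
    # The return URI is the configured constant, never a request parameter.
    return 302, {"Location": build_end_session_url(id_token)}
```

Keeping the return URI as a configured constant means a value taken from the incoming request never reaches post_logout_redirect_uri.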
