# Sign-out notifications

When a customer signs out of Pliro by clicking the sign-out button on their account page, you may also want to sign them out of your website. This can be done using [the OpenID Connect Back-Channel Logout mechanism](https://openid.net/specs/openid-connect-backchannel-1_0.html).

If you register a back-channel logout URI for your OAuth application in the Pliro dashboard, Pliro will notify your website using an HTTP POST request when one of your customers signs out:

```
POST /backchannel_logout HTTP/1.1
Host: example.com
Content-Type: application/x-www-form-urlencoded

logout_token=example-logout-token
```

To prevent abuse and to communicate which customer to sign out, the request includes a `logout_token` containing information about the customer in the form of a [JSON Web Token](https://www.rfc-editor.org/rfc/rfc7519). Before signing a customer out of your website you must decode and verify the logout token using the following steps:

1. Decode the logout token (e.g., using one of [the many existing JWT libraries](https://jwt.io/libraries)) and verify its signature using [Pliro's signing keys](/connect/signing-keys.md).
2. Check that the `iss` claim is equal to your Pliro page URL (e.g., `https://example-publication.plirotest.page`).
3. Check that the `aud` claim is equal to your OAuth application's client ID.
4. Check that the Unix timestamp in the `iat` (issued at) claim is in the past. You may also want to check that the token isn't too old (e.g., 5 minutes).
5. Check that the `sub` claim is present. This claim contains the customer's Pliro ID.
6. Check that the `sid` claim is present. This claim contains the customer's Pliro session ID.
7. Check that the `events` claim includes the key `http://schemas.openid.net/event/backchannel-logout`.
8. Check that there is no `nonce` claim.
9. Check that the token's `typ` header is set to `logout+jwt`.

If any of these checks fail, you should respond with an HTTP 400 status code and not process the logout request.

If the checks pass, you may proceed to end the session corresponding to the Pliro session ID in the `sid` claim and respond with an HTTP 200 or 204 status code.

If ending the session fails, you should respond with an HTTP 400 status code.
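The following is an added example, not Pliro's own code, showing steps 2 to 9 and the response codes above in Python. It assumes step 1 is already done: a JWT library has verified the signature against Pliro's signing keys and handed back the decoded header and claims. `ISSUER`, `CLIENT_ID`, the sample values and the `end_session` callable are hypothetical placeholders.

```python
import time

LOGOUT_EVENT = "http://schemas.openid.net/event/backchannel-logout"
MAX_AGE_SECONDS = 300  # the "5 minutes" example from step 4

# Constructed sample values, not real Pliro identifiers.
ISSUER = "https://example-publication.plirotest.page"
CLIENT_ID = "example-client-id"
SAMPLE_HEADER = {"typ": "logout+jwt"}
SAMPLE_CLAIMS = {"iss": ISSUER, "aud": CLIENT_ID, "iat": 1700000000,
                 "sub": "cus_example", "sid": "ses_example",
                 "events": {LOGOUT_EVENT: {}}}


def check_logout_token(header, claims, now):
    """Steps 2-9 on a token whose signature (step 1) is already verified.

    Returns the sid to end, or None if any check fails.
    """
    iat = claims.get("iat")
    # bool is a subclass of int in Python, so reject it explicitly.
    iat_ok = isinstance(iat, (int, float)) and not isinstance(iat, bool)
    events = claims.get("events")
    checks = (
        claims.get("iss") == ISSUER,                                 # step 2
        claims.get("aud") == CLIENT_ID,                              # step 3
        iat_ok and iat <= now and now - iat <= MAX_AGE_SECONDS,      # step 4
        isinstance(claims.get("sub"), str) and claims["sub"] != "",  # step 5
        isinstance(claims.get("sid"), str) and claims["sid"] != "",  # step 6
        isinstance(events, dict) and LOGOUT_EVENT in events,         # step 7
        "nonce" not in claims,                                       # step 8
        header.get("typ") == "logout+jwt",                           # step 9
    )
    return claims["sid"] if all(checks) else None


def handle_backchannel_logout(header, claims, end_session, now=None):
    """Return the HTTP status to send. end_session is a hypothetical callable
    that ends the local session for a Pliro sid and raises on failure."""
    sid = check_logout_token(header, claims, time.time() if now is None else now)
    if sid is None:
        return 400  # a check failed: do not process the logout request
    try:
        end_session(sid)
    except Exception:
        return 400  # ending the session failed
    return 204
```
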


