Sign customers out of Pliro

Notify Pliro when signing customers out of your website.

When a customer signs out of your website, you may optionally sign them out of Pliro as well, using the OpenID Connect RP-Initiated Logout mechanism.

You do this by redirecting them to Pliro's end session endpoint:

HTTP/1.1 302 Found
Location: https://example-publication.plirotest.page/oauth/end_session?
  client_id=example-client-id&
  id_token_hint=example-id-token&
  post_logout_redirect_uri=https%3A%2F%2Fexample.com

This endpoint accepts the following query parameters:

  • client_id: Should be set to the client ID shown for your OAuth application in the Pliro dashboard.

  • id_token_hint: Should be set to the ID token received when the customer signed into your website.

  • post_logout_redirect_uri: Should be set to the URI to redirect the customer to after they are signed out of Pliro. If set, this URI must match the URI that is registered for the OAuth application in the Pliro dashboard.

After the customer is signed out of Pliro, they are redirected to the post_logout_redirect_uri.

HTTP/1.1 302 Found
Location: https://example.com

To prevent abuse, a valid id_token_hint is required to automatically sign the customer out of Pliro. If id_token_hint is missing or invalid, the customer will have to confirm signing out.

To prevent unvalidated redirects, Pliro will only redirect the customer to the post_logout_redirect_uri if it corresponds to the post-logout redirect URI registered for the OAuth application identified by client_id or the aud claim in the provided id_token_hint.
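The following is an added example, not code from Pliro: a Python helper for your website that builds the Location value for the sign-out redirect and applies the two rules above locally before redirecting. The endpoint, client ID and registered URI are the placeholder values used on this page, and the function names are hypothetical.

```python
import base64
import json
from urllib.parse import urlencode

# Placeholder values from this page; use the ones from your Pliro dashboard.
END_SESSION_ENDPOINT = "https://example-publication.plirotest.page/oauth/end_session"
CLIENT_ID = "example-client-id"
REGISTERED_POST_LOGOUT_URI = "https://example.com"


def id_token_audiences(id_token):
    """Return the aud claim of a JWT as a list, or [] if it cannot be read.

    No signature check here: the token was validated at sign-in, and this is
    only a local sanity check before handing it back to the issuer.
    """
    try:
        payload = id_token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore base64url padding
        aud = json.loads(base64.urlsafe_b64decode(payload)).get("aud", [])
        return [aud] if isinstance(aud, str) else list(aud)
    except (AttributeError, IndexError, TypeError, ValueError):
        return []


def build_logout_location(id_token, post_logout_redirect_uri=None):
    """Build the Location header value for the sign-out redirect."""
    params = {"client_id": CLIENT_ID}
    # Send the hint only if it was issued to this client (assumed policy);
    # without a valid hint the customer is asked to confirm signing out.
    if id_token and CLIENT_ID in id_token_audiences(id_token):
        params["id_token_hint"] = id_token
    if post_logout_redirect_uri is not None:
        # Never forward a request-supplied URI that is not the registered one.
        if post_logout_redirect_uri != REGISTERED_POST_LOGOUT_URI:
            raise ValueError("post_logout_redirect_uri is not the registered URI")
        params["post_logout_redirect_uri"] = post_logout_redirect_uri
    return END_SESSION_ENDPOINT + "?" + urlencode(params)


if __name__ == "__main__":
    # Constructed, unsigned sample token with payload {"aud": "example-client-id"}.
    body = base64.urlsafe_b64encode(b'{"aud": "example-client-id"}').rstrip(b"=").decode()
    print(build_logout_location("e30." + body + ".sig", REGISTERED_POST_LOGOUT_URI))
```

Clear the customer's session on your own website before issuing this redirect, so they are signed out locally even if they abandon the Pliro confirmation step.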
