How to destroy authentication session in WSO2 Identity Server?

Question

I'm using WSO2 Identity Server with OpenId Connect protocol for authentication.

When a user log in, a session is created to remember the user next time.

I would like to know the possible ways to destroy this session.

1. When Authentication Session persistence is not used : if i understood well, in this case the session is kept using the "commonAuthId" cookie. This cookie will be destroyed when the web browser is closed. Is there any other way to "log out" without closing the web browser ? A log out page on Identity Server ? a web service to call in Identity Server API ?
2. When Authentication Session persistence is used : Same question for this case : What are the possible way for the user to log out ?

Answer 1

WSO2IS 5.0.0 server does not support openid connect logout according to the openid connect session management specification. Therefore there is no standard way to logout using openid connect. But there is work around for this. You can send a request to /commonauth end point of the WSO2IS with query parameter commonAuthLogout=true. This removes the SSO session of the WSO2IS and logout can be achieved. Please find the complete request that you must send to /commonauth from here. It would work and solve your problem