Auth0 · Capability
Auth0 API — Logout
Auth0 API — Logout. 3 operations. Lead operation: Auth0 Logout a user. Self-contained Naftiko capability covering one Auth0 business surface.
What You Can Do
GET
Oidclogout
— Auth0 Logout a user
/v1/oidc/logout
POST
Samllogout
— Auth0 Logout a user
/v1/samlp/{client-id}/logout
GET
Logout
— Auth0 Logout a user
/v1/v2/logout
MCP Tools
auth0-logout-user
Auth0 Logout a user
read-only
idempotent
auth0-logout-user-2
Auth0 Logout a user
auth0-logout-user-3
Auth0 Logout a user
read-only
idempotent
Capability Spec
naftiko: 1.0.0-alpha2
info:
label: Auth0 API — Logout
description: 'Auth0 API — Logout. 3 operations. Lead operation: Auth0 Logout a user. Self-contained Naftiko capability covering
one Auth0 business surface.'
tags:
- Auth0
- Logout
created: '2026-05-19'
modified: '2026-05-19'
binds:
- namespace: env
keys:
AUTH0_API_KEY: AUTH0_API_KEY
capability:
consumes:
- type: http
namespace: auth0-logout
baseUri: ''
description: Auth0 API — Logout business capability. Self-contained, no shared references.
resources:
- name: oidc-logout
path: /oidc/logout
operations:
- name: oidclogout
method: GET
description: Auth0 Logout a user
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: id_token_hint
in: query
type: string
description: Previously issued ID Token for the user. This is used to indicate which user to log out.
- name: logout_hint
in: query
type: string
description: Optional sid (session ID) value to indicate which user to log out. Should be provided when id_token_hint
is not available.
- name: post_logout_redirect_uri
in: query
type: string
description: URL to redirect the user after the logout.
- name: client_id
in: query
type: string
description: The client_id of your application.
- name: federated
in: query
type: string
description: Add this query string parameter to log the user out of their identity provider.
- name: state
in: query
type: string
description: An opaque value the applications adds to the initial request that the authorization server includes
when redirecting the back to the post_logout_redirect_uri.
- name: ui_locales
in: query
type: string
description: Space-delimited list of locales used to constrain the language list for the request. The first locale
on the list must match the enabled locale in your tenant.
- name: samlp-CLIENT_ID-logout
path: /samlp/{CLIENT_ID}/logout
operations:
- name: samllogout
method: POST
description: Auth0 Logout a user
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: CLIENT_ID
in: path
type: string
description: Client ID of your application configured with the SAML2 Web App addon.
required: true
- name: body
in: body
type: object
description: Request body (JSON).
required: true
- name: v2-logout
path: /v2/logout
operations:
- name: logout
method: GET
description: Auth0 Logout a user
outputRawFormat: json
outputParameters:
- name: result
type: object
value: $.
inputParameters:
- name: returnTo
in: query
type: string
description: URL to redirect the user after the logout.
- name: client_id
in: query
type: string
description: The client_id of your application.
- name: federated
in: query
type: string
description: Add this query string parameter to the logout URL, to log the user out of their identity provider,
as well.
exposes:
- type: rest
namespace: auth0-logout-rest
port: 8080
description: REST adapter for Auth0 API — Logout. One Spectral-compliant resource per consumed operation, prefixed with
/v1.
resources:
- path: /v1/oidc/logout
name: oidc-logout
description: REST surface for oidc-logout.
operations:
- method: GET
name: oidclogout
description: Auth0 Logout a user
call: auth0-logout.oidclogout
with:
id_token_hint: rest.id_token_hint
logout_hint: rest.logout_hint
post_logout_redirect_uri: rest.post_logout_redirect_uri
client_id: rest.client_id
federated: rest.federated
state: rest.state
ui_locales: rest.ui_locales
outputParameters:
- type: object
mapping: $.
- path: /v1/samlp/{client-id}/logout
name: samlp-client-id-logout
description: REST surface for samlp-CLIENT_ID-logout.
operations:
- method: POST
name: samllogout
description: Auth0 Logout a user
call: auth0-logout.samllogout
with:
CLIENT_ID: rest.CLIENT_ID
body: rest.body
outputParameters:
- type: object
mapping: $.
- path: /v1/v2/logout
name: v2-logout
description: REST surface for v2-logout.
operations:
- method: GET
name: logout
description: Auth0 Logout a user
call: auth0-logout.logout
with:
returnTo: rest.returnTo
client_id: rest.client_id
federated: rest.federated
outputParameters:
- type: object
mapping: $.
- type: mcp
namespace: auth0-logout-mcp
port: 9090
transport: http
description: MCP adapter for Auth0 API — Logout. One tool per consumed operation, routed inline through this capability's
consumes block.
tools:
- name: auth0-logout-user
description: Auth0 Logout a user
hints:
readOnly: true
destructive: false
idempotent: true
call: auth0-logout.oidclogout
with:
id_token_hint: tools.id_token_hint
logout_hint: tools.logout_hint
post_logout_redirect_uri: tools.post_logout_redirect_uri
client_id: tools.client_id
federated: tools.federated
state: tools.state
ui_locales: tools.ui_locales
outputParameters:
- type: object
mapping: $.
- name: auth0-logout-user-2
description: Auth0 Logout a user
hints:
readOnly: false
destructive: false
idempotent: false
call: auth0-logout.samllogout
with:
CLIENT_ID: tools.CLIENT_ID
body: tools.body
outputParameters:
- type: object
mapping: $.
- name: auth0-logout-user-3
description: Auth0 Logout a user
hints:
readOnly: true
destructive: false
idempotent: true
call: auth0-logout.logout
with:
returnTo: tools.returnTo
client_id: tools.client_id
federated: tools.federated
outputParameters:
- type: object
mapping: $.