# Log Out User (OIDC Compliant)

> This endpoint conforms to the OIDC Session Management specification. It logs the user out and can redirect them back to the application.



## OpenAPI

````yaml /api/en/authentication.yaml get /oidc/logout
openapi: 3.0.3
info:
  title: Altostrat Authentication API
  description: >
    This document provides a comprehensive guide to Altostrat's Authentication
    API. It leverages Auth0 to provide secure, stateless, JWT-based
    authentication for the Altostrat Single-Page Application (SPA). The
    authentication mechanism is built on the industry-standard **OAuth 2.0
    Authorization Code Flow with Proof Key for Code Exchange (PKCE)**, ensuring
    robust security for client-side applications.


    This documentation is a strategic blueprint designed for developers to
    accelerate integration. It details not only the API endpoints but also the
    underlying standards like **OpenID Connect (OIDC)** and the structure of the
    JSON Web Tokens (JWTs) used for authorization. Developers can use the OIDC
    discovery endpoint to auto-configure their clients.


    ### Authentication Flow Overview:

    1.  **Initiate Login:** The Altostrat web application initiates the
    authentication flow by redirecting the user's browser to the `/authorize`
    endpoint.

    2.  **User Authentication & Consent:** The user authenticates on the
    `signin.altostrat.io` domain and grants the application permission to access
    the requested scopes.

    3.  **Receive Authorization Code:** Auth0 redirects the user back to the
    Altostrat application's registered callback URL with a single-use
    `authorization_code`.

    4.  **Exchange Code for Tokens:** The Altostrat application's backend sends
    the `authorization_code` along with the `code_verifier` to the
    `/oauth/token` endpoint.

    5.  **Receive Tokens & Call APIs:** A successful exchange provides an
    `access_token` (JWT), an `id_token`, and a `refresh_token`. The
    `access_token` is then used as a Bearer token to make secure calls to
    Altostrat's resource APIs (e.g., `https://v1.api.altostrat.io`).
  version: 1.0.0
servers:
  - url: https://signin.altostrat.io
    description: Altostrat OAuth 2.0 & OpenID Connect Infrastructure
security: []
tags:
  - name: OAuth 2.0 & OIDC
    description: >-
      Core endpoints for the authentication, token management, and session
      flows.
  - name: Discovery
    description: >-
      Standard OpenID Connect discovery endpoints for automatic client
      configuration.
paths:
  /oidc/logout:
    get:
      tags:
        - OAuth 2.0 & OIDC
      summary: Log Out User (OIDC Compliant)
      description: >-
        This endpoint conforms to the OIDC Session Management specification. It
        logs the user out and can redirect them back to the application.
      parameters:
        - name: id_token_hint
          in: query
          description: >-
            An `id_token` previously issued to the client. This is a hint about
            the user's session.
          schema:
            type: string
        - name: post_logout_redirect_uri
          in: query
          description: >-
            The URL to redirect the user to after logout. Must be an allowed
            logout URL.
          schema:
            type: string
            format: uri
      responses:
        '302':
          description: >-
            Redirects the user, either to the login page or the
            `post_logout_redirect_uri` if provided.

````
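
An added example (not Altostrat's own code) of building this logout request on the client. It checks `post_logout_redirect_uri` by exact match against the application's own copy of its allowed logout URLs before sending it. The names `ALLOWED_LOGOUT_URLS`, `canonical`, `isAllowedLogoutUrl` and `buildLogoutUrl`, and the `app.example.test` URL, are assumptions made for illustration.

```javascript
// Added example; helper names and sample URLs are assumptions, not Altostrat code.
const LOGOUT_ENDPOINT = "https://signin.altostrat.io/oidc/logout"; // server URL + path from the spec

// Constructed sample: the app's copy of the logout URLs registered for it.
const ALLOWED_LOGOUT_URLS = ["https://app.example.test/logged-out"];

// Parse and normalise so the comparison is on the whole URL, never on a raw string prefix.
function canonical(uri) {
  const u = new URL(uri); // throws TypeError on malformed input
  if (u.protocol !== "https:") throw new Error("logout redirect must use https");
  if (u.username || u.password) throw new Error("userinfo not allowed in redirect URI");
  if (u.hash) throw new Error("fragment not allowed in redirect URI");
  return u.href; // scheme and host lower-cased, dot segments resolved
}

function isAllowedLogoutUrl(uri, allowed = ALLOWED_LOGOUT_URLS) {
  let candidate;
  try {
    candidate = canonical(uri);
  } catch {
    return false;
  }
  return allowed.some((a) => canonical(a) === candidate); // exact match only
}

function buildLogoutUrl({ idToken, postLogoutRedirectUri } = {}) {
  const url = new URL(LOGOUT_ENDPOINT);
  if (idToken !== undefined) {
    // A signed compact JWT has exactly three non-empty base64url segments.
    if (!/^[\w-]+\.[\w-]+\.[\w-]+$/.test(idToken)) {
      throw new Error("id_token_hint is not a compact JWT");
    }
    url.searchParams.set("id_token_hint", idToken);
  }
  if (postLogoutRedirectUri !== undefined) {
    if (!isAllowedLogoutUrl(postLogoutRedirectUri)) {
      throw new Error("post_logout_redirect_uri is not an allowed logout URL");
    }
    url.searchParams.set("post_logout_redirect_uri", canonical(postLogoutRedirectUri));
  }
  return url.href; // navigate the browser here; the endpoint answers with a 302
}
```

The client-side check only catches mistakes early; the authorization server's own allowed-logout-URL list remains the control that decides where the 302 goes.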