
Does FusionAuth provide a single signout?


Can't seem to find anything that makes FusionAuth send a signal to applications to terminate a user's session upon signout.


Solution

  • FusionAuth provides an API at /api/logout that might work. This API will revoke any refresh tokens that the user has. When refresh tokens are revoked, FusionAuth will send an event out to any configured Webhooks.

    Here is the documentation on this API, Webhooks and the event that is fired:

    Here are the rough steps you can take to get this working:

    1. Create a logout endpoint in your application or in a new microservice (https://example.com/global-logout)
    2. This endpoint calls the /api/logout endpoint in FusionAuth
    3. Each application that wants to be notified then writes a Webhook and handles the jwt.refresh-token.revoke event

    You can see an example Webhook in the documentation link above. A Webhook that handles the jwt.refresh-token.revoke event might look like this in Node/JavaScript:

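    const express = require('express');
    const router = express.Router();

    // Assumes JSON body parsing (express.json()) is enabled on the app
    router.route('/fusionauth-webhook').post((req, res) => {
      const request = req.body;
      if (request.event.type === 'jwt.refresh-token.revoke') {
        // Clean up all the user's stuff here
      }
      res.sendStatus(200); // acknowledge so the webhook call does not hang
    });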
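
The receiver described in the answer, carried through to actually ending local sessions, as an added example that is not part of the original answer or of FusionAuth's own code. It authenticates the caller first, because an open webhook endpoint that ends sessions lets anyone log users out. Assumptions: the `x-webhook-secret` header name is hypothetical, the affected user is assumed to arrive as `event.userId`, and the session data and secret are constructed.

```javascript
// Added example: framework-independent core of a jwt.refresh-token.revoke receiver.
// Assumptions (not from the page): the 'x-webhook-secret' header name, and that
// the event body carries the affected user as event.userId.

// Local session store: sessionId -> { userId }. Constructed sample data.
const sessions = new Map([
  ['sess-1', { userId: 'user-a' }],
  ['sess-2', { userId: 'user-a' }],
  ['sess-3', { userId: 'user-b' }],
]);

// Constant-time string comparison so the secret check does not leak timing.
// (Node's crypto.timingSafeEqual does the same job on Buffers.)
function safeEqual(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Remove every local session that belongs to userId; returns how many were ended.
function endSessionsFor(store, userId) {
  let ended = 0;
  for (const [id, s] of store) {
    if (s.userId === userId) { store.delete(id); ended++; }
  }
  return ended;
}

// Returns { status, ended }. Call it from the route handler with req.headers and req.body.
function handleWebhook(headers, body, store, expectedSecret) {
  // Reject callers that cannot prove they are the identity provider.
  // No session is touched before this check passes.
  if (!safeEqual(headers['x-webhook-secret'], expectedSecret)) return { status: 401, ended: 0 };
  const event = body && body.event;
  if (!event || typeof event.type !== 'string') return { status: 400, ended: 0 };
  // Acknowledge events this application does not act on.
  if (event.type !== 'jwt.refresh-token.revoke') return { status: 200, ended: 0 };
  // This example only handles revocations that name a user.
  if (typeof event.userId !== 'string') return { status: 400, ended: 0 };
  return { status: 200, ended: endSessionsFor(store, event.userId) };
}
```

In an Express route, send the returned `status` with `res.sendStatus(...)` and load the expected secret from configuration rather than source code.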