{"__v":15,"_id":"53fe7e17addab8973c1af2bb","category":{"__v":6,"_id":"53fe7d89addab8973c1af2b0","pages":["53fe7e17addab8973c1af2bb","53fe80ebaddab8973c1af2be","54011f0ec1c1764f69827203","53fe8159addab8973c1af2c1","53fe81ecaddab8973c1af2c5","54d94b3c6a09052100a6b699","56d49a9da4a9211b00c8f118"],"project":"53fe6dc5addab8973c1af267","version":"53fe6dc5addab8973c1af26a","sync":{"url":"","isSync":false},"reference":false,"createdAt":"2014-08-28T00:53:29.717Z","from_sync":false,"order":6,"slug":"logout-reference","title":"Logout Reference"},"comments":[],"is_link":false,"parentDoc":null,"project":"53fe6dc5addab8973c1af267","tags":[],"user":"53fe6d8baddab8973c1af266","version":{"__v":19,"_id":"53fe6dc5addab8973c1af26a","project":"53fe6dc5addab8973c1af267","createdAt":"2014-08-27T23:46:13.941Z","releaseDate":"2014-08-27T23:46:13.941Z","categories":["53fe6dc5addab8973c1af26b","53fe71a2addab8973c1af276","53fe7d89addab8973c1af2b0","53fe7d8daddab8973c1af2b1","53fe836faddab8973c1af2ce","53ff9a4823a37e1d5cebafe1","53ff9e3723a37e1d5cebaff7","53ffaca523a37e1d5cebb039","53ffad2e23a37e1d5cebb03c","5400c7d2ec93b29b61d4f7be","5400f0e1ec93b29b61d4f7dd","54d5636323010a0d001aca81","54d565c1276f8e0d00feab54","54ff40532882a10d00546927","556606d25561af0d008208b7","558c91900b236c2500d37c9a","56180a14f8c9632100ac7599","564fb3a59b4fab1700187518","5702e2d2f2d6f336005e901f"],"is_deprecated":false,"is_hidden":false,"is_beta":false,"is_stable":true,"codename":"","version_clean":"1.0.0","version":"1.0"},"updates":[],"next":{"pages":[],"description":""},"createdAt":"2014-08-28T00:55:51.660Z","link_external":false,"link_url":"","githubsync":"","sync_unique":"","hidden":false,"api":{"basic_auth":false,"results":{"codes":[]},"settings":"","try":true,"auth":"never","params":[],"url":""},"isReference":false,"order":0,"body":"# What is logout with Clef?\n\nLogout with Clef allows users to have complete control over their authentication sessions. With Logout with Clef, instead of users individually logging out of each site, they **log out once and are automatically logged out of every site** they used Clef to log into.\n[block:callout]\n{\n  \"type\": \"info\",\n  \"title\": \"Logout on the web today\",\n  \"body\": \"The way the web works, users maintain an individual authentication session with every site they visit. When a user logs in to site A, they must also at some point log out of site A. Same thing with site B, C, and D — it can get overwhelming.\\n\\nSingle-sign-on solutions like Log in with Clef provide a solution to one half of this problem: by authenticating you once in a secure fashion, Clef, and other single-sign-on providers, make it so logging into site A, also logs you into site B, C, and D (when you log into any site with Clef, you're logged into every other Clef supported site in a single click).\\n\\nUnfortunately, other single sign on providers haven't solved the other half — users are still forced to sign out of site A, then sign out of site B, then C, then D. Logout with Clef allows users to log out of all of their sites with a single click.\"\n}\n[/block]\n# Key concepts\n\n## Logout webhook\n\nWith Logout with Clef, we notify your web application when a user logs out. We call this notification a webhook. \n[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"What is a webhook?\",\n  \"body\": \"Webhooks are \\\"user-defined HTTP callbacks\\\". They are usually triggered by some event, such as pushing code to a repository or a comment being posted to a blog. When that event occurs, the source site makes an HTTP request to the URI configured for the webhook. Users can configure them to cause events on one site to invoke behaviour on another.\\n\\n— *[Wikipedia](http://en.wikipedia.org/wiki/Webhook)*\"\n}\n[/block]\nWhenever a user logs out of your application after logging in with Clef, we'll send a POST request to a webhook URL you specify, where you will handle that user logout.\n[block:callout]\n{\n  \"type\": \"warning\",\n  \"title\": \"Logout webhook on localhost\",\n  \"body\": \"With a web-accessible domain, Clef's server can trigger your logout hook on its own, but if you're developing on localhost, we won't be able to reach your server.\\n\\nLuckily, we've provided [some simple tools](/v1.0/docs/testing-logout-hooks) to help you test your logout hook.\"\n}\n[/block]\n\n## Database logout\n\nIn most web applications, user information (which verifies that a user is logged in) is stored in the session. Therefore, to log a user out, you simply clear this information from the session. With Logout with Clef, you must add an additional database logout check.\n\nBecause the webhook does not have access to the user session, you must **store a logout timestamp in your database user model** and verify on every request whether the user session has been invalidated by it.\n\n## Timestamped logins\n\nIn order to verify whether a user session is still valid in a database logout scenario, every user login must be timestamped. To do this, when you initiate a user authentication session by storing identifying information (like a user ID) in the session, you must also include a timestamp, which you can compare to the database logout timestamp.\n\n# Next up\nNow that you've learned how logout with Clef works, you're ready to get started on the [implementation](/v1.0/docs/handling-the-logout-webhook).\n\n[block:html]\n{\n  \"html\": \"<div></div>\\n<a class=\\\"clef-button blue\\\" href=\\\"/v1.0/docs/handling-the-logout-webhook\\\">Go to the next section</a>\\n<style></style>\"\n}\n[/block]","excerpt":"By integrating with Clef Logout, you put your users in control: single-sign-off is the best way for your users to manage their online identities.","slug":"overview","type":"basic","title":"Logout hook overview"}

Logout hook overview

By integrating with Clef Logout, you put your users in control: single-sign-off is the best way for your users to manage their online identities.

# What is logout with Clef? Logout with Clef allows users to have complete control over their authentication sessions. With Logout with Clef, instead of users individually logging out of each site, they **log out once and are automatically logged out of every site** they used Clef to log into. [block:callout] { "type": "info", "title": "Logout on the web today", "body": "The way the web works, users maintain an individual authentication session with every site they visit. When a user logs in to site A, they must also at some point log out of site A. Same thing with site B, C, and D — it can get overwhelming.\n\nSingle-sign-on solutions like Log in with Clef provide a solution to one half of this problem: by authenticating you once in a secure fashion, Clef, and other single-sign-on providers, make it so logging into site A, also logs you into site B, C, and D (when you log into any site with Clef, you're logged into every other Clef supported site in a single click).\n\nUnfortunately, other single sign on providers haven't solved the other half — users are still forced to sign out of site A, then sign out of site B, then C, then D. Logout with Clef allows users to log out of all of their sites with a single click." } [/block] # Key concepts ## Logout webhook With Logout with Clef, we notify your web application when a user logs out. We call this notification a webhook. [block:callout] { "type": "warning", "title": "What is a webhook?", "body": "Webhooks are \"user-defined HTTP callbacks\". They are usually triggered by some event, such as pushing code to a repository or a comment being posted to a blog. When that event occurs, the source site makes an HTTP request to the URI configured for the webhook. Users can configure them to cause events on one site to invoke behaviour on another.\n\n— *[Wikipedia](http://en.wikipedia.org/wiki/Webhook)*" } [/block] Whenever a user logs out of your application after logging in with Clef, we'll send a POST request to a webhook URL you specify, where you will handle that user logout. [block:callout] { "type": "warning", "title": "Logout webhook on localhost", "body": "With a web-accessible domain, Clef's server can trigger your logout hook on its own, but if you're developing on localhost, we won't be able to reach your server.\n\nLuckily, we've provided [some simple tools](/v1.0/docs/testing-logout-hooks) to help you test your logout hook." } [/block] ## Database logout In most web applications, user information (which verifies that a user is logged in) is stored in the session. Therefore, to log a user out, you simply clear this information from the session. With Logout with Clef, you must add an additional database logout check. Because the webhook does not have access to the user session, you must **store a logout timestamp in your database user model** and verify on every request whether the user session has been invalidated by it. ## Timestamped logins In order to verify whether a user session is still valid in a database logout scenario, every user login must be timestamped. To do this, when you initiate a user authentication session by storing identifying information (like a user ID) in the session, you must also include a timestamp, which you can compare to the database logout timestamp. # Next up Now that you've learned how logout with Clef works, you're ready to get started on the [implementation](/v1.0/docs/handling-the-logout-webhook). [block:html] { "html": "<div></div>\n<a class=\"clef-button blue\" href=\"/v1.0/docs/handling-the-logout-webhook\">Go to the next section</a>\n<style></style>" } [/block]