Problem logout using FortiAuthenticator OAuth2 service
Good morning, I urgently need help.
In one of my web applications I implemented OAuth2 authentication using the OAuth2 service present in FortiAuthenticator v6.6.1 via REST API, so I configured a confidential type relying party, openid type scope and some claims. The entire OAuth2 flow works well, in the sense that I authenticate myself and the token is released to me, but I would like to know how to log out. Logout is not documented in the documentation. I would like to know how to log out and have the cookie deleted with some command. The only way I get this effect is to delete the server history. Is there a way to do it, or is it not provided? Thanks in advance.
Hello agrillea,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello,
We are still looking for an answer to your question.
We will come back to you ASAP.
Thanks,
Maybe I found the solution, but I wanted to have confirmation from you. In practice, to log out via the REST API, I first revoke the token and then log in again. This way it seems to work... but since it is not documented, I wanted to know if it was correct. Thanks
Hi agrillea,
I think the method you have there is good. The OAuth logout endpoint on the API seems to not exist. What might help in addition (not answering your question) is the token expiry timer, which by default sits at 10h. If you have automated accesses only, you could potentially work with lower timers, like 5 minutes or so.
Best regards,
Markus
