
Does the REST API "accounts.logout" log out active users?

grohitg238
Participant
1,124

Hello Experts,

Does SAP CDC log out active user sessions when the accounts.logout REST API is called?
I'm passing UID as parameter.

In my case accounts.logout JS API call is working but it terminates current session only.

We are trying for a global logout.

E.g., a user is logged in on device 1 and device 2.

Trying to log out from either device should log out all other active sessions.

If I try the logout REST API from Postman or a server-side SDK, will it log out the active site user across all devices?

Your thoughts are much appreciated.

Thanks

Rohit

Accepted Solutions (0)

Answers (3)


KunalBansal
SAP Champion

Hi grohitg238,

OOTB functionality works as below:

  1. If it's a REST call, it logs out from all devices
  2. If it's a JS call, it logs out from that specific device

In simple terms, the REST API terminates all the sessions, whereas the web SDK terminates the active session of that web only. So, depending on the use case, you need to choose whether you want to trigger it locally via a client-side call or globally via a server-side call.

Please refer to business documentation - accounts.logout.

I hope this information was helpful in closing this thread.

Thank you.

Best Regards,

Kunal Bansal, SAP CX Architect

kajolmaan
Explorer

Hi Rohit,

Yes, accounts.logout will log out the active site user across all devices and terminate any active sessions. However, please note that accounts.logout does not disconnect the user from the social providers.

Kindly refer to this link for more information: accounts.logout REST | SAP Help Portal

BR,

Kajol Maan

samuelyang
Product and Topic Expert
0 Kudos

Hi grohitg238

Per the documentation, accounts.logout logs out the specified user from your site across all devices, terminates any active sessions, and revokes any active OIDC refresh tokens.

However, it actually depends on the parameters you give when sending the accounts.logout call.

By giving the UID parameter, it logs out all active sessions. However, if you give parameters like login_token and authMode etc., it only terminates the current session.

So you have the flexibility to either terminate all sessions or only a specific session.
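
The server-side, UID-keyed call the answers describe, as an added example that is not part of the original thread or SAP's own code. It assumes the usual CDC REST conventions (form-encoded POST, `apiKey`/`userKey`/`secret` credentials, JSON reply with `errorCode`); the data-center host and the helper names are placeholders chosen for illustration.

```python
import json
import urllib.parse
import urllib.request

# Assumption: placeholder data center; use the one your site is provisioned in.
DATA_CENTER = "us1.gigya.com"
# Per the thread, these parameters limit the logout to the current session.
SESSION_SCOPED = {"login_token", "authMode"}


def build_global_logout(uid, api_key, user_key, secret, extra=None):
    """Return (url, body) for an accounts.logout call that revokes every session of uid."""
    if not uid:
        raise ValueError("UID is required for an all-devices logout")
    params = dict(extra or {})
    scoped = SESSION_SCOPED.intersection(params)
    if scoped:
        # Refuse to send a request that would only end one session.
        raise ValueError(f"session-scoped parameters present: {sorted(scoped)}")
    params.update(apiKey=api_key, userKey=user_key, secret=secret, UID=uid)
    url = f"https://accounts.{DATA_CENTER}/accounts.logout"
    return url, urllib.parse.urlencode(params).encode()


def logout_succeeded(response_text):
    """Treat the call as successful only if the JSON body carries errorCode == 0 (assumption)."""
    try:
        return json.loads(response_text).get("errorCode") == 0
    except (ValueError, AttributeError):
        return False


def global_logout(uid, api_key, user_key, secret, timeout=10):
    """Send the request from the server; the secret must never reach browser code."""
    url, body = build_global_logout(uid, api_key, user_key, secret)
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return logout_succeeded(resp.read().decode())
```

Checking `logout_succeeded` rather than assuming the call worked matters for flows such as password reset or account compromise, where a failed revocation leaves the other devices signed in.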