I am building a FE that is using Directus for auth and have followed the guides on SSO to auth users with Google, and it’s working great! I’d like to now let users log out, and I can’t find any docs for how to do this. I assume there might be an endpoint I can call, like /admin/logout that supports a redirect, perhaps /auth/logout?
3 Answers
Hi, check this: Authentication | Directus Docs
Just simply make a request to POST /auth/logout
OR
```javascript
import { createDirectus, authentication, rest, logout } from '@directus/sdk';

const client = createDirectus('directus_project_url').with(authentication()).with(rest());

// Option 1: logout using the authentication composable
const result = await client.logout();

// Option 2 (alternative to option 1): logout http request
// refresh_token is the refresh token issued at login
const response = await client.request(logout(refresh_token));
```
edit: I am going to spend a bit more time with the docs: Sso | Directus Docs as I think I am missing some understanding on refresh tokens and local dev, and had missed some parts on this when I skim read it to get something working quickly.
Thank you, really appreciate that reply - I’m still quite new to this, and went through trying this out today with an api/logout route in my app, but it seems this might not do anything as there is no refresh token, as I am using SSO and only have a session cookie?
I can see Directus getting the logout call, but I can only see that it returns a 400 (I haven’t looked into debugging sessions further yet, although I think it might be smart for me to check and document that now).
From my extremely limited experience, it seems the only way would be to have an endpoint, next to the CMS and hosted in the same location, that, when a user was authenticated, allowed them to clear their own server session?
Found the fix.
After more than a day of struggling, chatting with ChatGPT, trial and error, and questioning my life decisions, I found that I just need to add the below as the POST request body:
```json
{"mode": "session"}
```
Basically there are 3 modes in Directus:
- "json": more for debugging/testing I guess, no one wants to deal with tokens directly
- "cookie": deprecating it by not allowing it in UI
- "session": the one we should go with

With session, the session token in the cookie includes the refresh_token, so you will only see directus_session_token.
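The session-mode logout described in the answers above, as an added example that is not part of the thread or Directus's own code. The base URL, the helper names and the stub server are constructed for illustration; the stub only mirrors what the thread reports (a 400 when neither a refresh token nor session mode is supplied).

```javascript
// Build the request from the thread: POST /auth/logout with {"mode": "session"}.
// buildLogoutRequest and logoutSession are hypothetical helper names.
function buildLogoutRequest(baseUrl, mode = 'session', refreshToken) {
  const body = { mode };
  // Assumption: only json mode passes the refresh token in the body; in
  // session mode it travels inside the directus_session_token cookie.
  if (mode === 'json' && refreshToken) body.refresh_token = refreshToken;
  return {
    // Append to the base URL so a path prefix on the Directus host is kept.
    url: baseUrl.replace(/\/+$/, '') + '/auth/logout',
    init: {
      method: 'POST',
      headers: { 'Content-Type': 'application/json' },
      credentials: 'include', // send the session cookie on cross-origin calls
      body: JSON.stringify(body),
    },
  };
}

// Send the logout and surface the status instead of silently ignoring a 4xx,
// so the UI never claims "logged out" while the server session is still live.
async function logoutSession(baseUrl, fetchImpl = globalThis.fetch) {
  const { url, init } = buildLogoutRequest(baseUrl);
  const res = await fetchImpl(url, init);
  return { ok: res.ok, status: res.status };
}

// Constructed stand-in for the server so the example runs offline.
async function stubFetch(url, init) {
  const body = JSON.parse(init.body || '{}');
  const accepted = body.mode === 'session' || Boolean(body.refresh_token);
  return { ok: accepted, status: accepted ? 204 : 400 };
}

// Demo against the stub: an empty body is rejected, session mode is accepted.
stubFetch('https://cms.example.test/auth/logout', { body: '{}' })
  .then((res) => console.log('empty body ->', res.status));
logoutSession('https://cms.example.test', stubFetch)
  .then((res) => console.log('session mode ->', res.status));
```

Treat a non-OK result as "still logged in" on the front end, since the server-side session stays valid until this call succeeds.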
