LOGOUT

Mark endpoint as a sign-out endpoint.

Keywords

logout, signout

Syntax

logout

Logout Endpoint Behavior

When an endpoint is marked with logout, NpgsqlRest executes the sign-out operation after running the function.

Void Functions

If the function returns void, NpgsqlRest simply:

1. Executes the function
2. Calls sign-out on all authentication schemes
3. Completes the response

Functions with Return Values

If the function returns values, all returned values are interpreted as authentication scheme names to sign out from. This allows selective logout from specific schemes.

• Single values are added as scheme names
• Arrays are expanded - each element becomes a scheme name
• NULL values are ignored
• If no schemes are returned (empty result), signs out from all schemes

This is useful when using multiple authentication schemes (e.g., Cookie and Bearer Token) and you want to sign out from only specific ones.

Examples

Basic Logout (Void)

create function signout()
returns void
language sql
as $$
  -- Optionally perform cleanup
  delete from sessions where user_id = current_user_id()
$$;

comment on function signout() is
'HTTP POST
logout
authorize';

Signs out from all authentication schemes.

Logout from Specific Scheme

create function logout_cookie()
returns text
language sql
as $$
  select 'Cookies'::text
$$;

comment on function logout_cookie() is
'HTTP POST /auth/logout/cookie
logout
authorize';

Signs out only from the "Cookies" authentication scheme.

Logout from Multiple Schemes

create function logout_web()
returns text[]
language sql
as $$
  select array['Cookies', 'Bearer']::text[]
$$;

comment on function logout_web() is
'HTTP POST /auth/logout/web
logout
authorize';

Signs out from both "Cookies" and "Bearer" schemes.

Conditional Scheme Logout

create function smart_logout(_scheme text default null)
returns text
language sql
as $$
  select _scheme  -- Returns NULL to logout from all, or specific scheme
$$;

comment on function smart_logout(text) is
'HTTP POST /auth/logout
logout
authorize';

• POST /auth/logout → Signs out from all schemes
• POST /auth/logout?_scheme=Cookies → Signs out only from Cookies

Logout with Cleanup

create function full_logout()
returns void
language plpgsql
as $$
begin
  -- Revoke all refresh tokens for this user
  delete from refresh_tokens where user_id = current_user_id();

  -- Log the logout event
  insert into audit_log(user_id, action)
  values (current_user_id(), 'logout');
end;
$$;

comment on function full_logout() is
'HTTP POST
logout
authorize';

Related

• Authentication configuration - Configure authentication schemes
• Authentication Options configuration - Configure logout behavior
• Comment Annotations Guide - How annotations work
• Configuration Guide - How configuration works

Related Annotations

• LOGIN - Mark as sign-in endpoint
• AUTHORIZE - Require authentication