Logout


The OpenID Connect RP-Initiated Logout 1.0 flow is designed to securely end the authenticated web sessions created from the Authorization Code Flow.

Key Concepts and Terminology

  • Client (Application): The app requesting access to user resources, which must include a confidential backend.
    • Confidential Client: Has a secure backend that can safely store credentials.
  • Authorization Server (Jack Henry Authentication Framework): Authenticates the user.
  • Redirect URI: Endpoint in the client’s backend that receives the state after logout.

When to Use Logout Flow

  • Server-side web applications with a backend that can securely store credentials.
  • Mobile apps or SPAs that interact with their own secure backend (which is the Confidential Client). The frontend never calls Jack Henry APIs directly; instead, it communicates with the backend, which then uses the Authorization Code Flow.

Step-by-Step Logout Flow

sequenceDiagram
  participant User
  participant Client_Backend as Confidential Client Backend
  participant Auth_Server as Jack Henry Authorization Server
  rect rgb(200, 220, 255)
  note over User,Auth_Server: Logout Request
  Client_Backend->>User: Redirect user's browser to Authorization Server with client_id OR id_token_hint, post_logout_redirect_uri, state
  User->>Auth_Server: Ensure authenticated and validate parameters
  Auth_Server->>User: Redirect to provided post_logout_redirect_uri or Auth_Server logout URL (redirect)
  User->>Client_Backend: Browser redirect with state
  Client_Backend->>Client_Backend: Validate state parameter and end the user session
  end

1. Prerequisites

This flow only applies to Authorization Code Flow authentication and assumes the user has already fully authenticated in that flow. Any post_logout_redirect_uri value must be pre-registered as a callback URL for the application.

2. Logout Request

The client’s backend directs the user’s browser to the Jack Henry Authorization Server. This URL includes:

  • client_id (application identifier) OR id_token_hint (id_token)
  • post_logout_redirect_uri (pre-registered callback URL)
  • state (random string to prevent CSRF attacks—see Authentication Security)

Example URL:

https://API_ENVIRONMENT/LOGOUT_ENDPOINT
 ?client_id=CLIENT_ID
 &post_logout_redirect_uri=CALLBACK_URI
 &state=XYZ

Notes:

  • API_ENVIRONMENT could be something like digital.garden-fi.com
  • LOGOUT_ENDPOINT could be something like /a/consumer/api/v0/oidc/logout

With these two examples, you would send the request to https://digital.garden-fi.com/a/consumer/api/v0/oidc/logout

3. User Prompted to Confirm Logout

The user is prompted to confirm that they intend to log out of the Authorization Server.

4. User Redirected to POST_LOGOUT_REDIRECT_URI

The user is redirected to the provided POST_LOGOUT_REDIRECT_URI. If no POST_LOGOUT_REDIRECT_URI is present, the Authorization Server will redirect the user to its own logout page.
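As an added example (not code from the Jack Henry documentation), a minimal confidential-client backend in Python that builds the logout request from step 2 and validates the state when the browser returns in step 4. The host, endpoint, client id and registered callback URL are placeholder assumptions; the session is modelled as a plain dict.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values for illustration; the real host, endpoint and registered
# callback URLs come from your application's configuration.
API_ENVIRONMENT = "digital.garden-fi.com"
LOGOUT_ENDPOINT = "/a/consumer/api/v0/oidc/logout"
REGISTERED_CALLBACKS = {"https://app.example.com/auth/logged-out"}


def build_logout_url(session, post_logout_redirect_uri, client_id=None, id_token_hint=None):
    """Return the logout URL and stash the state in the backend session.

    Exactly one of client_id / id_token_hint is sent, and the redirect URI
    must already be registered as a callback for the application.
    """
    if (client_id is None) == (id_token_hint is None):
        raise ValueError("provide exactly one of client_id or id_token_hint")
    if post_logout_redirect_uri not in REGISTERED_CALLBACKS:
        raise ValueError("post_logout_redirect_uri is not a registered callback URL")
    state = secrets.token_urlsafe(32)          # unguessable, single-use CSRF token
    session["logout_state"] = state
    params = {"post_logout_redirect_uri": post_logout_redirect_uri, "state": state}
    if client_id is not None:
        params["client_id"] = client_id
    else:
        params["id_token_hint"] = id_token_hint
    return f"https://{API_ENVIRONMENT}{LOGOUT_ENDPOINT}?{urlencode(params)}"


def handle_post_logout_callback(session, callback_url):
    """Validate the state from the browser redirect; end the local session only on a match."""
    expected = session.pop("logout_state", None)     # single use: consume it either way
    received = parse_qs(urlparse(callback_url).query).get("state", [None])[0]
    if expected is None or received is None or not secrets.compare_digest(expected, received):
        return False                                  # unsolicited or forged redirect: keep session
    session.clear()                                   # end the user's web session
    return True
```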


Last updated Thu Feb 26 2026