The logout endpoint ends the current user’s session by revoking all active tokens associated with their account — not just the token used in the request. Both the access token and the refresh token are marked as expired and revoked in the database, preventing them from being used for any further authenticated requests. After a successful logout the Security context is cleared server-side and the client should discard both tokens locally.

Endpoint

POST /auth/logout
Auth required: A valid ACCESS-type token in the Authorization header.

Request Headers

Authorization (string, required): Must be in the format Bearer <accessToken>, where <accessToken> is the access_token value received from a previous /auth/login, /auth/crear, or /auth/refresh response.

Response

A 200 OK response with an empty body on success. No JSON payload is returned.

Error Responses

| Status | Condition |
| --- | --- |
| 401 Unauthorized | The Authorization header is missing, the token does not start with "Bearer ", the token has an invalid signature, or the token has already been revoked or expired. |

Error Response Body

{
  "status": 401,
  "mensaje": "Token inválido",
  "timestamp": 1700000000000
}

curl Example

curl -X POST http://localhost:8080/auth/logout \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9...your_access_token_here"

Logout revokes all active tokens for the user, including the refresh token. The client must discard both the access_token and refresh_token from local storage after calling this endpoint. Attempting to call /auth/refresh with the old refresh token after logout will result in a 500 Internal Server Error response because the token is marked as revoked in the database.
Because logout is handled by Spring Security’s built-in logout mechanism at /auth/logout, the HTTP method must be POST. Sending a GET or DELETE request to this path will not trigger the logout handler and will return a 403 or 404 response depending on your security configuration.
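
An in-memory model of the revoke-all behaviour and the 401 conditions described above, as an added example that is not the project's own code. The class, the token store and the sample tokens are hypothetical; signature verification is replaced by a map lookup, and rejecting a REFRESH-type token with 401 is an assumption.

```java
import java.util.HashMap;
import java.util.Map;

// Added example, not the project's code: all names here are hypothetical.
public class LogoutRevocationDemo {
    enum Type { ACCESS, REFRESH }
    static final class StoredToken {
        final String user; final Type type;
        boolean expired, revoked;
        StoredToken(String user, Type type) { this.user = user; this.type = type; }
    }

    private final Map<String, StoredToken> tokens = new HashMap<>();

    void issue(String value, String user, Type type) {
        tokens.put(value, new StoredToken(user, type));
    }

    // Returns the documented status: 200 on success, 401 otherwise.
    int logout(String authorization) {
        if (authorization == null || !authorization.startsWith("Bearer ")) return 401;
        StoredToken presented = tokens.get(authorization.substring("Bearer ".length()));
        // An unknown token stands in for a failed signature check.
        // Assumption: a REFRESH-type token is rejected with 401 as well.
        if (presented == null || presented.type != Type.ACCESS
                || presented.expired || presented.revoked) return 401;
        // Revoke every token of this user, not only the one presented.
        for (StoredToken t : tokens.values()) {
            if (t.user.equals(presented.user)) { t.expired = true; t.revoked = true; }
        }
        return 200;
    }
    boolean isUsable(String value) {
        StoredToken t = tokens.get(value);
        return t != null && !t.expired && !t.revoked;
    }

    public static void main(String[] args) {
        LogoutRevocationDemo store = new LogoutRevocationDemo();
        // Constructed sample tokens (opaque strings, not real JWTs).
        store.issue("access-A", "alice", Type.ACCESS);
        store.issue("refresh-A", "alice", Type.REFRESH);
        store.issue("access-B", "bob", Type.ACCESS);
        System.out.println("no Bearer prefix:  " + store.logout("access-A"));
        System.out.println("valid logout:      " + store.logout("Bearer access-A"));
        System.out.println("refresh-A usable:  " + store.isUsable("refresh-A"));
        System.out.println("access-B usable:   " + store.isUsable("access-B"));
        System.out.println("repeat logout:     " + store.logout("Bearer access-A"));
    }
}
```

The point to check in a real deployment is the same one the model makes: after one successful logout, the user's refresh token must be unusable too, while other users' tokens stay valid.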
