The logout endpoint ends the current user’s session by revoking all active tokens associated with their account — not just the token used in the request. Both the access token and the refresh token are marked as expired and revoked in the database, preventing them from being used for any further authenticated requests. After a successful logout the Security context is cleared server-side and the client should discard both tokens locally.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CristianRR94/springCommunity/llms.txt
Use this file to discover all available pages before exploring further.
Endpoint
Authorization header.
Request Headers
Must be in the format
Bearer <accessToken> where <accessToken> is the access_token value received from a previous /auth/login, /auth/crear, or /auth/refresh response.Response
A200 OK response with an empty body on success. No JSON payload is returned.
Error Responses
| Status | Condition |
|---|---|
401 Unauthorized | The Authorization header is missing, the token does not start with Bearer , the token has an invalid signature, or the token has already been revoked or expired. |
Error Response Body
curl Example
Logout revokes all active tokens for the user, including the refresh token. The client must discard both the
access_token and refresh_token from local storage after calling this endpoint. Attempting to call /auth/refresh with the old refresh token after logout will result in a 500 Internal Server Error response because the token is marked as revoked in the database.