naftiko: 1.0.0-alpha2 info: label: Auth0 API — Logout description: 'Auth0 API — Logout. 3 operations. Lead operation: Auth0 Logout a user. Self-contained Naftiko capability covering one Auth0 business surface.' tags: - Auth0 - Logout created: '2026-05-19' modified: '2026-05-19' binds: - namespace: env keys: AUTH0_API_KEY: AUTH0_API_KEY capability: consumes: - type: http namespace: auth0-logout baseUri: '' description: Auth0 API — Logout business capability. Self-contained, no shared references. resources: - name: oidc-logout path: /oidc/logout operations: - name: oidclogout method: GET description: Auth0 Logout a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: id_token_hint in: query type: string description: Previously issued ID Token for the user. This is used to indicate which user to log out. - name: logout_hint in: query type: string description: Optional sid (session ID) value to indicate which user to log out. Should be provided when id_token_hint is not available. - name: post_logout_redirect_uri in: query type: string description: URL to redirect the user after the logout. - name: client_id in: query type: string description: The client_id of your application. - name: federated in: query type: string description: Add this query string parameter to log the user out of their identity provider. - name: state in: query type: string description: An opaque value the applications adds to the initial request that the authorization server includes when redirecting the back to the post_logout_redirect_uri. - name: ui_locales in: query type: string description: Space-delimited list of locales used to constrain the language list for the request. The first locale on the list must match the enabled locale in your tenant. - name: samlp-CLIENT_ID-logout path: /samlp/{CLIENT_ID}/logout operations: - name: samllogout method: POST description: Auth0 Logout a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: CLIENT_ID in: path type: string description: Client ID of your application configured with the SAML2 Web App addon. required: true - name: body in: body type: object description: Request body (JSON). required: true - name: v2-logout path: /v2/logout operations: - name: logout method: GET description: Auth0 Logout a user outputRawFormat: json outputParameters: - name: result type: object value: $. inputParameters: - name: returnTo in: query type: string description: URL to redirect the user after the logout. - name: client_id in: query type: string description: The client_id of your application. - name: federated in: query type: string description: Add this query string parameter to the logout URL, to log the user out of their identity provider, as well. exposes: - type: rest namespace: auth0-logout-rest port: 8080 description: REST adapter for Auth0 API — Logout. One Spectral-compliant resource per consumed operation, prefixed with /v1. resources: - path: /v1/oidc/logout name: oidc-logout description: REST surface for oidc-logout. operations: - method: GET name: oidclogout description: Auth0 Logout a user call: auth0-logout.oidclogout with: id_token_hint: rest.id_token_hint logout_hint: rest.logout_hint post_logout_redirect_uri: rest.post_logout_redirect_uri client_id: rest.client_id federated: rest.federated state: rest.state ui_locales: rest.ui_locales outputParameters: - type: object mapping: $. - path: /v1/samlp/{client-id}/logout name: samlp-client-id-logout description: REST surface for samlp-CLIENT_ID-logout. operations: - method: POST name: samllogout description: Auth0 Logout a user call: auth0-logout.samllogout with: CLIENT_ID: rest.CLIENT_ID body: rest.body outputParameters: - type: object mapping: $. - path: /v1/v2/logout name: v2-logout description: REST surface for v2-logout. operations: - method: GET name: logout description: Auth0 Logout a user call: auth0-logout.logout with: returnTo: rest.returnTo client_id: rest.client_id federated: rest.federated outputParameters: - type: object mapping: $. - type: mcp namespace: auth0-logout-mcp port: 9090 transport: http description: MCP adapter for Auth0 API — Logout. One tool per consumed operation, routed inline through this capability's consumes block. tools: - name: auth0-logout-user description: Auth0 Logout a user hints: readOnly: true destructive: false idempotent: true call: auth0-logout.oidclogout with: id_token_hint: tools.id_token_hint logout_hint: tools.logout_hint post_logout_redirect_uri: tools.post_logout_redirect_uri client_id: tools.client_id federated: tools.federated state: tools.state ui_locales: tools.ui_locales outputParameters: - type: object mapping: $. - name: auth0-logout-user-2 description: Auth0 Logout a user hints: readOnly: false destructive: false idempotent: false call: auth0-logout.samllogout with: CLIENT_ID: tools.CLIENT_ID body: tools.body outputParameters: - type: object mapping: $. - name: auth0-logout-user-3 description: Auth0 Logout a user hints: readOnly: true destructive: false idempotent: true call: auth0-logout.logout with: returnTo: tools.returnTo client_id: tools.client_id federated: tools.federated outputParameters: - type: object mapping: $.