Sign Out
Endpoint
URL: /:projectId/auth/sign-out
Method: POST
Authentication Required: No
Description
Signs the user out by deleting the refresh token from the database and clearing the HttpOnly cookie. Accepts the refresh token from either the request body or cookie.
Request
Headers
| Header | Type | Required | Description |
|---|---|---|---|
Cookie | string | No | Can include replyke-refresh-jwt cookie |
Body Parameters
| Field | Type | Required | Description |
|---|---|---|---|
refreshToken | string | No | JWT refresh token (optional if cookie is present) |
Example Request
{
"refreshToken": "<REFRESH_TOKEN>"
}Response
Success Response (204 No Content)
(No response body)Error Responses
Server Error (500 Internal Server Error)
{
"error": "Internal server error.",
"code": "auth/server-error",
"details": "<Error message>"
}Notes
- If the refresh token is valid, the corresponding token record is deleted.
- If the refresh token is invalid, expired, or missing, 204 is still returned.
- The cookie
replyke-refresh-jwtis cleared if present. - No information is leaked about whether the token existed or was valid.