---
tags: API SPEC
---

Auth Single Logout APIs SPEC
===

## Single Logout Webhook

### Stateful Requirement

Create a DB column to store each user's latest expired time.

| User ID  | Expired time  |
| -------- | ------------- |
| 1        | 1598507049094 |
| 2        | 0             |
| 3        | 1598507397393 |

### Target

Let the Auth server update a user's `Expired time`.

### Expected Input

#### Header

- Authorization: User SSO Token

#### Body

```javascript=
{
    "exp": 1598507397393.13551 // UNIX timestamp
}
```

### Expected Output

==HTTP 200==

## Single Logout API

### Target

Let any user apply single logout in your service.

### Flow

![Flow](https://i.imgur.com/IHJwswz.png)

### How to

Create an API to call [Auth Single Logout API](https://hackmd.io/eJJxp-NbSHyJjPEqf3c7-Q?view#User-logout) with the user's token.

## Support Token Expire

### Flow

![](https://i.imgur.com/00MOrxA.png)

### Python Pseudocode

```python=3
import jwt  # PyJWT

# SSO_SECRET, User, Response and HTTP_401 come from your own service.
def check_token(token):
    # Pin the signing algorithm (HS256 assumed here for a shared secret).
    payload = jwt.decode(token, SSO_SECRET, algorithms=['HS256'])
    email = payload.get('email')
    issue_time = payload.get('time', 0)
    user = User.objects.get(email=email)
    # Reject tokens issued before the user's latest expired time.
    if user.expired_time > issue_time:
        return Response(status=HTTP_401)
```
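
The webhook and the per-request check above, tied together as an added example (not part of this spec or the Auth server's code). It assumes HS256 tokens with `email` and `time` claims and an in-memory dict standing in for the DB column; `sign`, `verify`, `logout_webhook` and `check_token` are hypothetical names, and `sign` only stands in for the Auth server so the example runs offline.

```python
import base64, hashlib, hmac, json

SSO_SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret
# Constructed rows mirroring the spec's table, keyed by the token's email claim.
EXPIRED = {"u1@example.test": 1598507049094, "u2@example.test": 0,
           "u3@example.test": 1598507397393}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=")
def _unb64(seg):
    return base64.urlsafe_b64decode(seg + b"=" * (-len(seg) % 4))
def _mac(head, body):
    return hmac.new(SSO_SECRET, head + b"." + body, hashlib.sha256).digest()

def sign(claims):
    """Issue a demo token (stand-in for the Auth server)."""
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    return b".".join([head, body, _b64(_mac(head, body))]).decode()

def verify(token):
    """Return the claims only if alg is HS256 and the MAC matches."""
    try:
        head, body, sig = token.encode().split(b".")
        ok = (json.loads(_unb64(head)).get("alg") == "HS256"
              and hmac.compare_digest(_mac(head, body), _unb64(sig)))
        return json.loads(_unb64(body)) if ok else None
    except (ValueError, AttributeError):
        return None  # malformed token: treat as unauthenticated

def logout_webhook(token, body):
    """Single Logout Webhook: store the new expired time, return a status."""
    claims = verify(token)
    if claims is None or claims.get("email") not in EXPIRED:
        return 401
    exp = body.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        return 400
    email = claims["email"]
    EXPIRED[email] = max(EXPIRED[email], exp)  # keep the latest cutoff
    return 200

def check_token(token):
    """Per-request check: 401 when the token predates the stored cutoff."""
    claims = verify(token)
    if claims is None or claims.get("email") not in EXPIRED:
        return 401
    return 401 if EXPIRED[claims["email"]] > claims.get("time", 0) else 200
```

Because the comparison is strict (`>`), a token with no `time` claim still passes for a user whose stored expired time is `0`, and `time` must use the same unit as the stored value (milliseconds in the table above).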