ContextQMD
Back to Content

IdentityCredential: disconnect() static method

files/en-us/web/api/identitycredential/disconnect_static/index.md

latest3.6 KB
Original Source

{{APIRef("FedCM API")}}{{SeeCompatTable}}{{SecureContext_Header}}

The disconnect() static method of the {{domxref("IdentityCredential")}} interface disconnects a specified federated sign-in account from the {{glossary("Identity provider", "IdP")}} used to obtain the credential.

Afterwards, using that account for federated login requires starting the federated sign-in process again.

Syntax

js-nolint
IdentityCredential.disconnect(options)

Parameters

  • options
    • : An options object, which can contain the following properties:
      • accountHint
        • : A string specifying an account hint that the IdP uses to identify the account to disconnect. The hint can be an arbitrary string as long as the disconnect endpoint can identify the account — for example an email address or user ID. This will not necessarily match the account ID provided by the accounts list endpoint.
      • clientId
        • : A string specifying the {{glossary("Relying party", "RP")}}'s client identifier, as specified in the providers clientId property during sign-in.
      • configURL
        • : A string specifying the config file URL of the IdP, as specified in the providers configURL property during sign-in.

Return value

A {{jsxref("Promise")}} that fulfills with {{jsxref("undefined")}}.

Exceptions

  • InvalidStateError {{domxref("DOMException")}}
    • : Thrown if:
      • The IdP's configURL is invalid or missing the disconnect_endpoint.
      • The document's origin does not match the configURL.
  • NetworkError {{domxref("DOMException")}}
    • : Thrown if:
      • The browser is unable to connect to the IdP.
      • The request is disallowed by a connect-src {{httpheader("Content-Security-Policy")}}.
      • Another disconnect() call was previously made that has not yet resolved.
      • The FedCM API has been disabled globally.
      • The IdP's configURL is neither secure nor potentially trustworthy.
  • NotAllowedError {{domxref("DOMException")}}
    • : Thrown if the embedding <iframe> does not have an {{httpheader("Permissions-Policy/identity-credentials-get", "identity-credentials-get")}} Permissions-Policy set to allow the use of disconnect() or if the FedCM API is disabled globally by a policy set on the top-level document.

Examples

Basic disconnect() usage

The RP may disconnect a specified federated sign-in account from the associated IdP by invoking disconnect(). This function can be called from a top-level RP frame.

js
IdentityCredential.disconnect({
  configURL: "https://idp.example.com/config.json",
  clientId: "rp123",
  accountHint: "account456",
});

For a disconnect() call to work, the IdP must include a disconnect_endpoint in its config file. See The disconnect endpoint for more details of the underlying HTTP communication.

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also