I am trying to follow the OpenID connect protocol to log a user out of gluu when they logout from my site. To the end_session endpoint, I am trying to send the id_token received earlier as the id_token_hint. But when I do this, I get an invalid request error from gluu. {"error":"invalid_request","error_description":"The request is missing a required parameter, includes an unsupported parameter or parameter value, repeats a parameter, or is otherwise malformed."} in the oxauth.log file I am seeing this same line with this idtokenhint listed: 2015-04-01 18:52:00,100 DEBUG [xdi.oxauth.session.ws.rs.EndSessionRestWebServiceImpl] Attempting to end session, idTokenHint: eyJ0eXAiOiJKV1MiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczovL2F1dGgubGRzLm5ldCIsImF1ZCI6IkAhRUZGRi5CMUIxLjM2NDguMzAyMSEwMDAxIUQ1OTUuQ0Q0NSEwMDA4IUExMzguRkE1NyIsImV4cCI6MTQyNzkxNzg5NiwiaWF0IjoxNDI3OTE0Mjk2LCJzdWIiOiJAIUVGRkYuQjFCMS4zNjQ4LjMwMjEhMDAwMSFENTk1LkNENDUhMDAwMCE3RURCLjQ3MEEiLCJhdF9oYXNoIjoidUJuX0lBTl9UTFB0cWJWRkFvZ1BzZyIsIm94VmFsaWRhdGlvblVSSSI6Imh0dHBzOi8vYXV0aC5sZHMubmV0L294YXV0aC9vcGlmcmFtZS5zZWFtIiwib3hPcGVuSURDb25uZWN0VmVyc2lvbiI6Im9wZW5pZGNvbm5lY3QtMS4wIn0.cnkYC5Q8AqY4WvlgywDygesvucZlXYRSFGODIfaf13A, postLogoutRedirectUri: null, sessionId: null, Is Secure = true and then followed by these lines in the oxauth.log file: 2015-04-01 18:52:00,100 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Looking for the error with id: invalid_request 2015-04-01 18:52:00,101 DEBUG [org.xdi.oxauth.model.error.ErrorResponseFactory] Found error, id: invalid_request I need to know a way to look up a idtokenhint for a logged in user to verify that my code is using the right information in my logout request. I previously had information in that request indicating the postLogoutURi but I was still getting the exact same errors. Is there something else that I am missing? Is the id_token field the correct one to send back?