> ## Documentation Index
> Fetch the complete documentation index at: https://agentclientprotocol.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Logout Method

* Author(s): [@anna239](https://github.com/anna239)

## Elevator pitch

> What are you proposing to change?

Add a `logout` method that allows clients to terminate an authenticated session with an agent. This is the counterpart to the existing `authenticate` method and enables proper session cleanup and credential invalidation.

## Status quo

> How do things work today and what problems does this cause? Why would we change things?

Currently, ACP provides an `authenticate` method for establishing authenticated sessions, but there is no standardized way to:

* Log out of an authenticated session
* Invalidate credentials or tokens
* Signal to the agent that the user wants to end their authenticated state

Users who want to switch accounts, revoke access, or simply log out must rely on:

* Manually clearing credentials outside of ACP
* Agent-specific workarounds

This creates inconsistent user experiences and potential security concerns when credentials should be invalidated but aren't.

## Shiny future

> How will things play out once this feature exists?

Clients will be able to offer a proper "Log out" button that:

1. Cleanly terminates the authenticated session
2. Allows the agent to invalidate tokens/credentials as needed
3. Returns the connection to an unauthenticated state
4. Enables the user to re-authenticate with different credentials

## Implementation details and plan

> Tell me more about your implementation. What is your detailed implementation plan?

### New Method: `logout`

A new method that terminates the current authenticated session.

#### LogoutRequest

```typescript theme={null}
interface LogoutRequest {
  /** Extension metadata */
  _meta?: Record<string, unknown>;
}
```

#### LogoutResponse

```typescript theme={null}
interface LogoutResponse {
  /** Extension metadata */
  _meta?: Record<string, unknown>;
}
```

### Capability Advertisement

The `logout` capability should be advertised within a new `auth` object in `AgentCapabilities`:

```typescript theme={null}
interface AgentCapabilities {
  // ... existing fields ...

  /** Authentication-related capabilities */
  auth?: AgentAuthCapabilities;
}

interface AgentAuthCapabilities {
  /** Extension metadata */
  _meta?: Record<string, unknown>;

  /** Agent supports the logout method. Supply `{}` to indicate support. */
  logout?: LogoutCapabilities;
}

interface LogoutCapabilities {
  /** Extension metadata */
  _meta?: Record<string, unknown>;
}
```

### JSON Schema Additions

```json theme={null}
{
  "$defs": {
    "AgentAuthCapabilities": {
      "description": "Authentication-related capabilities supported by the agent.",
      "properties": {
        "_meta": {
          "additionalProperties": true,
          "type": ["object", "null"]
        },
        "logout": {
          "allOf": [
            {
              "$ref": "#/$defs/LogoutCapabilities"
            }
          ],
          "description": "Whether the agent supports the logout method. Supply `{}` to indicate support."
        }
      },
      "type": "object"
    },
    "LogoutCapabilities": {
      "description": "Logout capabilities supported by the agent. Supply `{}` to indicate support.",
      "properties": {
        "_meta": {
          "additionalProperties": true,
          "type": ["object", "null"]
        }
      },
      "type": "object"
    },
    "LogoutRequest": {
      "description": "Request to terminate the current authenticated session.",
      "properties": {
        "_meta": {
          "additionalProperties": true,
          "type": ["object", "null"]
        }
      },
      "type": "object",
      "x-method": "logout",
      "x-side": "agent"
    },
    "LogoutResponse": {
      "description": "Response to the logout method.",
      "properties": {
        "_meta": {
          "additionalProperties": true,
          "type": ["object", "null"]
        }
      },
      "type": "object",
      "x-method": "logout",
      "x-side": "agent"
    }
  }
}
```

### Example Exchange

**Request:**

```json theme={null}
{
  "jsonrpc": "2.0",
  "id": 1,
  "method": "logout",
  "params": {}
}
```

**Response:**

```json theme={null}
{
  "jsonrpc": "2.0",
  "id": 1,
  "result": {}
}
```

### Behavior

1. **Pre-condition**: The client should only call `logout` if:
   * The agent advertises `auth.logout: {}`

2. **Agent responsibilities**:
   * Invalidate any stored tokens or credentials as appropriate
   * Clean up any session state associated with the authenticated user
   * Return the connection to an unauthenticated state

3. **Post-condition**: After a successful `logout`:
   * Subsequent requests that require authentication should return `auth_required` error
   * The client can call `authenticate` again to establish a new authenticated session

4. **Active sessions**: If there are active sessions when `logout` is called, the agent should either:
   * Terminate them gracefully
   * Throw an `auth_required` error

## Frequently asked questions

> What questions have arisen over the course of authoring this document?

### Should logout affect active sessions?

This is left as implementation-defined. Some agents may want to:

* Automatically terminate all sessions (strict security)
* Keep sessions running

The RFD intentionally does not mandate a specific behavior to allow flexibility.

## Revision history

* 2026-05-17: Moved to Preview.
* 2026-02-02: Initial draft