Your app needs to accept a POST request with the following params:
username- username of logged in user
roles- users role(s)
access_token- token for API requests
Example callback URL: http://myapp.com/loginCallback
Directing the user to the following URL will POST to the callback URL after login. The callback param must be encoded.
A callback url is also supported for logout. The user will be directed to the callback URL after logout. The callback param must be encoded.
Example callback URL: http://myapp.com/logoutCallback
credit @Matt Sheehan