diff --git a/plugins/auth-node/src/oauth/index.ts b/plugins/auth-node/src/oauth/index.ts
index 9cff6c5358..afc6faa27e 100644
--- a/plugins/auth-node/src/oauth/index.ts
+++ b/plugins/auth-node/src/oauth/index.ts
@@ -37,6 +37,7 @@ export {
   type OAuthAuthenticator,
   type OAuthAuthenticatorAuthenticateInput,
   type OAuthAuthenticatorLogoutInput,
+  type OAuthAuthenticatorLogoutResult,
   type OAuthAuthenticatorRefreshInput,
   type OAuthAuthenticatorResult,
   type OAuthAuthenticatorScopeOptions,
diff --git a/plugins/auth-node/src/oauth/types.ts b/plugins/auth-node/src/oauth/types.ts
index 50d81f99dc..968ffac39e 100644
--- a/plugins/auth-node/src/oauth/types.ts
+++ b/plugins/auth-node/src/oauth/types.ts
@@ -76,6 +76,16 @@ export interface OAuthAuthenticatorLogoutInput {
   req: Request;
 }
 
+/** @public */
+export interface OAuthAuthenticatorLogoutResult {
+  /**
+   * If set, the frontend will redirect the browser to this URL after clearing
+   * the Backstage session. Use this to terminate provider-side sessions (e.g.
+   * Auth0's `/v2/logout` endpoint).
+   */
+  logoutUrl?: string;
+}
+
 /** @public */
 export interface OAuthAuthenticatorResult<TProfile> {
   fullProfile: TProfile;
@@ -101,7 +111,10 @@ export interface OAuthAuthenticator<TContext, TProfile> {
     input: OAuthAuthenticatorRefreshInput,
     ctx: TContext,
   ): Promise<OAuthAuthenticatorResult<TProfile>>;
-  logout?(input: OAuthAuthenticatorLogoutInput, ctx: TContext): Promise<void>;
+  logout?(
+    input: OAuthAuthenticatorLogoutInput,
+    ctx: TContext,
+  ): Promise<void | OAuthAuthenticatorLogoutResult>;
 }
 
 /** @public */