Session management
13.3.1.5. AS-centric AS - Session management

The session management endpoint provided with the AS-centric OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.

Every call to the /session or /sessions endpoint requires a valid access token.

Session self-management

The functions under the /session path will consider only the current session.

  • Available functions:
  • Query the current session ID

The following functions are only available if the authorization server's session management endpoint has been configured to support custom attributes.

  • Available functions:
  • Update the session
  • Logout current session

Session management

The functions under the "/sessions" path will consider all the sessions of the user for one authorization server.

  • Available functions:
  • Query all sessions of a user
  • Logout the user from ONE specific session
  • Logout the user from ALL sessions
  • Logout the user from ALL sessions BUT the current one

Further reading