The session management endpoint provided with the AS-centric OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.
Every call to the /session or /sessions endpoint requires a valid access token.
Session self-management
The functions under the /session path apply only to the current session.
Available functions:
- Query the current session ID
The following functions are only available if the authorization server's session management endpoint has been configured to support custom attributes.
Available functions:
- Update the session
- Log out the current session
Session management
The functions under the /sessions path apply to all of the user's sessions for one authorization server.
Available functions:
- Query all sessions of a user
- Log out the user from ONE specific session
- Log out the user from ALL sessions
- Log out the user from ALL sessions BUT the current one
Further reading
- Some use case examples with requests and responses are given here: 13.3.2.5. AS-centric AS - session management usage
- See 13.3.1.6. OpenID Connect Session Management 1.0 overview for more information on the OIDC session management standard.