The session management endpoint provided with the AS-centric OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.
Every call to the /session or /sessions endpoint requires a valid access token.