AS-centric AS - Session management

The session management endpoint provided with the AS-centric OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.

Every call to the /session or /sessions endpoint requires a valid access token.

The functions under the /session path will consider only the current session.

• Available functions:
• Query the current session ID

The following functions are only available if the authorization server's session management endpoint has been configured to support custom attributes.

• Available functions:
• Update the session
• Logout current session

The functions under the "/sessions" path will consider all the sessions of the user for one authorization server.

• Available functions:
• Query all sessions of a user
• Logout the user from ONE specific session
• Logout the user from ALL sessions
• Logout the user from ALL sessions BUT the current one

• Some use case examples with requests and responses are given here: AS-centric AS - session management usage
• See OpenID Connect Session Management 1.0 overview for more information on the OIDC session management standard.