The session management endpoint provided with the OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.
Every call to the /session or /sessions endpoint requires a valid access token.