Session management

The session management endpoint provided with the OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.

Every call to the /session or /sessions endpoint requires a valid access token.

The functions under the /session path will consider only the current session.

• Available functions:
• Query the current session ID

The following functions are only available if the authorization server's session management endpoint has been configured to support custom attributes.

• Available functions:
• Update the session
• Logout current session

The functions under the "/sessions" path will consider all the sessions of the user for one authorization server.

• Available functions:
• Query all sessions of a user
• Logout the user from ONE specific session
• Logout the user from ALL sessions
• Logout the user from ALL sessions BUT the current one

• Some use case examples with requests and responses are given here: session management usage
• See OpenID Connect Session Management 1.0 overview for more information on the OIDC session management standard.