OAuth and OIDC session management

The session management endpoint provided with the Airlock IAM OAuth 2.0 and OIDC implementation is proprietary. This endpoint allows clients to delete tokens and sessions associated with the client or user.

Every call to the /session or /sessions endpoint requires a valid access token.

Session self-management

The functions under the /session path apply only to the current session.

Available functions:

  • Query the current session ID.

The following functions are only available if the authorization server's session management endpoint has been configured to support custom attributes.

Available functions:

  • Update the session.
  • Log out current session.

In case of an account lock, the OAuth session can be automatically terminated. See Cleanup on user lock for details.

Session management

The functions under the /sessions path apply to all of the user's sessions for one authorization server.

Available functions:

  • Query all sessions of a user.
  • Log out the user from one specific session.
  • Log out the user from all sessions.
  • Log out the user from all sessions BUT the current one.