Logout and Token Revocation
OIDC Web supports standard token revocation and logout.
Token Revocation
Revoke a token (RFC 7009) at the revocation endpoint:
curl -s -X POST "$BASE/oidc/v1/token/revoke" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d token=<access_token> \
-d client_id=$CLIENT_ID \
-d client_secret=<client_secret>
Logout
OIDC Web exposes a logout endpoint ($BASE/oidc/v1/logout). For clients configured with logout URIs, OIDC Web supports front-channel and back-channel logout notifications. Configure these URIs at registration time (see Registering Your Application).