Skip to main content

Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID

DELETE 

/admin/oauth2/auth/sessions/login

This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject has to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens.

If you send the subject in a query param, all authentication sessions that belong to that subject are revoked. No OpenID Connect Front- or Back-channel logout is performed in this case.

Alternatively, you can send a SessionID via sid query param, in which case, only the session that is connected to that SessionID is revoked. OpenID Connect Back-channel logout is performed in this case.

When using Ory for the identity provider, the login provider will also invalidate the session cookie.

Request

Responses

Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.