Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID
DELETE/admin/oauth2/auth/sessions/login
This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject has to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens.
If you send the subject in a query param, all authentication sessions that belong to that subject are revoked. No OpenID Connect Front- or Back-channel logout is performed in this case.
Alternatively, you can send a SessionID via sid query param, in which case, only the session that is connected to that SessionID
is revoked. OpenID Connect Back-channel logout is performed in this case.
When using Ory for the identity provider, the login provider will also invalidate the session cookie.
Request
Responses
- 204
- default
Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 201.
errorOAuth2