Revokes OAuth 2.0 Login Sessions by either a Subject or a SessionID
This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject
DELETE /admin/oauth2/auth/sessions/login
This endpoint invalidates authentication sessions. After revoking the authentication session(s), the subject has to re-authenticate at the Ory OAuth2 Provider. This endpoint does not invalidate any tokens.
If you send the subject in a query param, all authentication sessions that belong to that subject are revoked. No OpenID Connect Front- or Back-channel logout is performed in this case.
Alternatively, you can send a SessionID via sid query param, in which case, only the session that is connected
to that SessionID is revoked. OpenID Connect Back-channel logout is performed in this case.
When using Ory for the identity provider, the login provider will also invalidate the session cookie.
Operation ID: revokeOAuth2LoginSessions Tag: oAuth2
Query parameters
| Name | Type | Required | Description |
|---|---|---|---|
subject | string | no | OAuth 2.0 Subject The subject to revoke authentication sessions for. |
sid | string | no | Login Session ID The login session to revoke. |
Responses
| Status | Description | Body |
|---|---|---|
| 204 | Empty responses are sent when, for example, resources are deleted. The HTTP status code for empty responses is typically 204. | - |
| default | errorOAuth2 | application/json, object |
Generated from ../athena/openapi.json at build time.