Olympus Documentation What is Olympus Architecture Repo Map License Glossary

Athena API Authentication Athena API Errors Athena API Pagination Athena Settings API SDK Settings API

Environment variables

Sequence diagrams Authorization Code + PKCE Client Credentials (M2M)Refresh token rotation RP-initiated logout Email verification roundtrip Password recovery with HMAC token Social IdP linking MFA step-up to AAL2 Brute-force lockout escalation Athena → Kratos admin Caddy → backend routing Production deploy pipeline Encryption key rotation (zero-downtime)pgAdmin OIDC SSO Claude-driven Daedalus deploy via MCP

ReferenceSequence diagrams

RP-initiated logout

App-initiated end-of-session flow

What's revoked

Kratos session (browser cookie at the CIAM/IAM domain).
Hydra login session for the OAuth2 client.

What's NOT revoked (unless you explicitly revoke)

Active access tokens issued previously. They keep working until expiry.
Refresh tokens. Call /oauth2/revoke separately if needed.

Where to learn more

Integrate, RP-initiated logout
Reference, Hydra accept logout request

Refresh token rotation

Renew access token without re-authenticating

Email verification roundtrip

User confirms control of their email address

On this page

What's revoked What's NOT revoked (unless you explicitly revoke)Where to learn more