HTTP Example:POST /realms/{realm}/tokens/logout
Authorization: …
|
Logout a session via a non-browser invocation. Similar signature to refresh token except there is no grant_type.
You must pass in the refresh token and
authenticate the client if it is not public.
If the client is a confidential client
you must include the client-id (application name or oauth client name) and secret in an Basic Auth Authorization header.
If the client is a public client, then you must include a "client_id" form parameter with the app's or oauth client's name.
returns 204 if successful, 400 if not with a json error response. - Input:
- javax.ws.rs.core.MultivaluedMap<String,String>
- Output:
- javax.ws.rs.core.Response -
- Header parameters:
- Authorization
- Consumes:
- application/x-www-form-urlencoded
|