Administrative logout server
============================

This plugin add an API to permit to revoke OIDC tokens and SSO sessions from
the session explorer: this permits Session-Explorer to launch logout plugins
including OIDC "Back-Channel-Logout".

Configuration
-------------
To enable it:
Go in Manager, ``General Parameters`` » ``Plugins`` » ``Admin logout server``.
You must set a shared secret.

Usage
-----

Session-Explorer automatically uses it when enabled. You can also use it to revoke
an ``access_token`` or a ``refresh_token`` if the ``revocation_endpoint`` isn't
usable in your case. Launch a ``POST`` request on ``/admintokenrevoke`` with a
``Authorization: Bearer <secret>`` header and using the following parameters:

============== =========== =========================================================================
Parameter      Need        Value
============== =========== =========================================================================
``token``      required    token to revoke
``token_hint`` recommended type of token to revoke: ``refresh_token`` or ``access_token`` or ``SSO``
============== =========== =========================================================================