Difference between Revocation Endpoint and End Session Endpoint and Kong OIDC Plugin
- Kalidass Mookkaiah
- Mar 11, 2024
Updated: Sep 19, 2024
Revocation Endpoint
The OAuth 2.0 core specification [RFC6749] defines several ways for a client to obtain refresh and access tokens. The revocation endpoint provides a mechanism to revoke both of these tokens.
The Kong OIDC plugin supports the revocation endpoint call: the plugin calls the IdP at the revocation endpoint to revoke the tokens, passing the ID token as hint.
End Session Endpoint
The end session endpoint can be used to trigger single sign-out.
To use the end session endpoint, a client application redirects the user’s browser to the end session URL.
The Kong OIDC plugin sends back a 302 redirect with the ID token as hint, so that the calling application can perform the logout using the redirect.
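The contrast between the two endpoints, as an added example that is not from the original post or from Kong's plugin code: the revocation call is shaped per RFC 7009 and the logout redirect per OpenID Connect RP-Initiated Logout 1.0. The function names, URLs, client credentials and tokens are constructed placeholders.

```python
import base64
from urllib.parse import quote_plus, urlencode, urlsplit

def _require_https(url):
    # Tokens and ID tokens must never travel to a plain-http endpoint.
    if urlsplit(url).scheme != "https":
        raise ValueError(f"endpoint must use https: {url}")

def build_revocation_request(endpoint, token, token_type_hint, client_id, client_secret):
    """Back channel (RFC 7009): the client POSTs to the IdP server to server."""
    _require_https(endpoint)
    if token_type_hint not in ("access_token", "refresh_token"):
        raise ValueError("RFC 7009 defines hints for access_token and refresh_token")
    # RFC 6749 section 2.3.1: form-encode the credentials before Basic encoding.
    creds = f"{quote_plus(client_id)}:{quote_plus(client_secret)}"
    return {
        "method": "POST",
        "url": endpoint,
        "headers": {
            "Authorization": "Basic " + base64.b64encode(creds.encode()).decode(),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urlencode({"token": token, "token_type_hint": token_type_hint}),
    }

def build_end_session_redirect(endpoint, id_token, return_to, allowed_return_to, state):
    """Front channel: a 302 sends the user's browser to the IdP's end session URL."""
    _require_https(endpoint)
    if return_to not in allowed_return_to:  # exact match guards against open redirects
        raise ValueError("post_logout_redirect_uri is not registered")
    query = urlencode({
        "id_token_hint": id_token,
        "post_logout_redirect_uri": return_to,
        "state": state,
    })
    sep = "&" if urlsplit(endpoint).query else "?"
    return {"status": 302, "headers": {"Location": f"{endpoint}{sep}{query}"}}

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    print(build_revocation_request("https://idp.example.test/oauth2/revoke",
                                   "rt-123", "refresh_token", "kong-client", "s3cret"))
    print(build_end_session_redirect("https://idp.example.test/oauth2/logout",
                                     "eyJ.constructed.idtoken",
                                     "https://app.example.test/signed-out",
                                     {"https://app.example.test/signed-out"}, "xyz"))
```

The revocation request never touches the browser, while the end session response only works through it, which is why revoking tokens alone does not end the user's session at the IdP.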