Hi Ory Community, I wanna logout from all my OIDC apps that connected with OIDC via Hydra, I use Go code like below: _, err := ory.OAuth2API.RevokeOAuth2ConsentSessions(ctx). Subject(subject). All(true). Execute() and _, err = ory.OAuth2API.RevokeOAuth2LoginSessions(ctx). Subject(subject). Execute() But after logging out of my main site, my apps are still logged in. Is there a way to handle it properly?

revoking oauth2 consent sessions is not the same thing as logout!

You're calling administrative session revocation APIs, not OIDC logout. Revoking consent/login sessions server-side doesn't trigger logout callbacks to your apps.

Correct Approach: Redirect user to Hydra's OIDC logout endpoint:

Copy code

GET /oauth2/sessions/logout?id_token_hint={token}&post_logout_redirect_uri={uri}

This triggers OIDC logout protocol, notifying apps via their registered callbacks.

(must be configured per client):

1.

frontchannel_logout_uri

- Hydra sends browser redirects to this URL

2.

backchannel_logout_uri

- Hydra POSTs logout tokens here (async)

please read the section about logout in this blogpost to understand this better: https://www.ory.com/blog/oauth2-openid-connect-do-you-need-use-cases-examples

Hi @magnificent-energy-493 Thank you for your response It seems that this URL https://www.ory.com/blog/oauth2-openid-connect-do-you-need-use-cases-examples is currently not working with an error 500 Is there any other source to read for this topic?