Signoff and sessions

When the GET /{{envID}}/as/signoff endpoint is invoked, the sign-off operation ends the user’s SSO session, which signs them out of all applications using that session. This endpoint can take an id_token_hint parameter to provide information about the user’s current authenticated session. The session token must be an id_token type to complete the sign-off action successfully.

PingOne sessions have the following characteristics:

For more information, see Signoff in the PingOne Platform API Reference.

Token revocation and sessions

When the POST /{{envID}}/as/revoke endpoint is invoked, the token revocation operation revokes the specified token, but leaves the SSO session intact. This endpoint revokes tokens of type access_token and refresh_token. It does not support revocation of tokens of type id_token.

The tokens to be revoked must be an access_token or refresh_token for a custom resource. Tokens issued for the PingOne API resource may not be revoked.

For more information, see Token Revocation in the PingOne Platform API Reference.