Closes #21 (closed)
This MR implements a logout endpoint that can be used by Hydra. Applications should call the
/oauth2/sessions/logout URL when a user tries to log out of the application. Hydra then creates a logout challenge and redirects the browser to the endpoint implemented in this MR. The code here ends the Hydra and Kratos sessions.
What is not implemented:
- The dashboard should invalidate the JWT token of the dashboard-specific session
- The dashboard should call the
oauth2/sessions/logoutURL after the JWT token has been invalidated.
We could do both in this endpoint. The result would be that when a user clicks logout in any application (for example Nextcloud), their Dashboard session would also be ended.