Logout user session. User must be logged in via a session cookie.
When the logout is initiated by a remote idp, the parameter "initiating_idp" can be supplied. This param will
prevent upstream logout (since the logout procedure has already been started in the remote idp).
initiatingIdp - The alias of the idp initiating the logout.
public javax.ws.rs.core.Response logoutToken()
Logout a session via a non-browser invocation. Similar signature to refresh token except there is no grant_type.
You must pass in the refresh token and
authenticate the client if it is not public.
If the client is a confidential client
you must include the client-id and secret in an Basic Auth Authorization header.
If the client is a public client, then you must include a "client_id" form parameter.
returns 204 if successful, 400 if not with a json error response.