logout

@PostMapping(value = "/logout")
open fun logout(@RequestHeader(value = "DPoP", required = false) dpopProof: String, request: HttpServletRequest): ResponseEntity<AuthResponse>

Log out and end the session.

What happens:
- Requires a DPoP proof (so only the real browser can end the session).
- Revokes the refresh token family and clears the HttpOnly cookie.
- Blacklists the current access token until it expires.
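The server-side state behind the last two steps, as an added sketch that is not this project's code: the class names, the `jti` and family-id keys, and the in-memory maps are all assumptions (a multi-node deployment would need a shared store). It shows why an access-token entry only has to live until the token's own expiry.

```kotlin
import java.time.Instant
import java.util.concurrent.ConcurrentHashMap

// Hypothetical store: access-token id (jti) -> that token's expiry.
class AccessTokenDenylist {
    private val revoked = ConcurrentHashMap<String, Instant>()

    // Deny the token only until it expires; after that, ordinary
    // expiry validation rejects it and the entry is dead weight.
    fun revoke(jti: String, expiresAt: Instant, now: Instant = Instant.now()) {
        if (expiresAt.isAfter(now)) revoked[jti] = expiresAt
    }

    fun isRevoked(jti: String, now: Instant = Instant.now()): Boolean {
        val exp = revoked[jti] ?: return false
        if (!exp.isAfter(now)) {
            revoked.remove(jti, exp) // lazy purge of an expired entry
            return false
        }
        return true
    }

    fun size(): Int = revoked.size
}

// Hypothetical store: every refresh token rotated from one login shares a
// family id, so a single revocation invalidates all of them at once.
class RefreshTokenFamilies {
    private val revokedFamilies = ConcurrentHashMap.newKeySet<String>()
    fun revokeFamily(familyId: String) { revokedFamilies.add(familyId) }
    fun isUsable(familyId: String): Boolean = familyId !in revokedFamilies
}

fun main() {
    val denylist = AccessTokenDenylist()
    val families = RefreshTokenFamilies()
    val now = Instant.parse("2024-01-01T12:00:00Z") // constructed sample values
    val accessExp = now.plusSeconds(300)

    // What a logout records once the DPoP proof has been accepted.
    families.revokeFamily("family-1")
    denylist.revoke("jti-abc", accessExp, now)

    check(!families.isUsable("family-1"))                       // refresh is dead
    check(denylist.isRevoked("jti-abc", now.plusSeconds(60)))   // still denied
    check(!denylist.isRevoked("jti-abc", now.plusSeconds(301))) // expired anyway
    check(denylist.size() == 0)                                 // entry purged
    println("logout revocation checks passed")
}
```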


open fun logout(): ResponseEntity<AuthResponse>

Deprecated (for removal)

Overload without DPoP or request argument for tests.