PHP Classes

What is the correct way to logout using the package?

Subject: What is the correct way to logout...
Summary: Need to be able to logout, so that I can login with a different
Messages: 13
Author: Martin Kirk
Date: 2017-03-15 11:45:06
 

  11. Re: What is the correct way to logout...
Martin Kirk - 2017-03-24 20:19:14 - In reply to message 10 from Martin Kirk
I have verified that the issue is that the identity server cookies are not being sent with the request to /oidc/logout.

If I invoke the /oidc/logout endpoint directly in the browser, I can see the cookies being sent, and the logout proceeds correctly and the cookies are destroyed.

Since my app is running on a different domain (e.g. app.abc.org) to the id server (e.g. id.abc.org), I need to ensure the cookies are passed with the logout request.

I realise that this is really an http package question (and I can ask it in that forum if you prefer), but do I need to do anything in the script to make this happen, or should they be included automatically?


  12. Re: What is the correct way to logout...
Martin Kirk - 2017-03-27 09:27:45 - In reply to message 11 from Martin Kirk
Just to close out this thread. I have finally received confirmation from the WSO2 support folks that they currently only support browser-based logout, so any attempts to do it from within the client library are doomed to fail. This may change in the future, but for now an explicit browser-based redirection is the only solution.

Many thanks for your help, and particularly for adding the token revocation.
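
The browser-based logout redirection described in messages 11 and 12, as an added example that is not part of the original thread and not code from the PHP OAuth Library. It assumes the ID token was stored in the PHP session at login under a hypothetical `id_token` key, uses a hypothetical `logged-out.php` return page, and sends the standard OpenID Connect logout parameters (`id_token_hint`, `post_logout_redirect_uri`, `state`) to the thread's /oidc/logout endpoint.

```php
<?php
// Added example; hosts follow the thread's id.abc.org / app.abc.org illustration.
const IDP_LOGOUT_ENDPOINT = 'https://id.abc.org/oidc/logout';
const POST_LOGOUT_URI     = 'https://app.abc.org/logged-out.php'; // hypothetical page

/**
 * Build the logout URL. The browser, not the PHP backend, must request it,
 * because only the browser holds the identity server's session cookies.
 */
function buildLogoutUrl(string $idToken, string $state): string
{
    return IDP_LOGOUT_ENDPOINT . '?' . http_build_query([
        'id_token_hint'            => $idToken,
        'post_logout_redirect_uri' => POST_LOGOUT_URI,
        'state'                    => $state,
    ], '', '&', PHP_QUERY_RFC3986);
}

/** Start logout: drop local tokens, keep only the state, redirect the browser. */
function startLogout(): void
{
    session_start();
    $idToken = $_SESSION['id_token'] ?? '';   // assumption: saved at login
    $state   = bin2hex(random_bytes(16));     // unguessable, single use
    $_SESSION = ['logout_state' => $state];   // clears tokens and user data
    session_regenerate_id(true);              // retire the old session id
    header('Location: ' . buildLogoutUrl($idToken, $state), true, 302);
    exit;
}

/** On the return page: accept the round trip only if the state matches. */
function finishLogout(array $query): bool
{
    session_start();
    $expected = $_SESSION['logout_state'] ?? '';
    $ok = is_string($query['state'] ?? null) && $expected !== ''
        && hash_equals($expected, $query['state']);
    $_SESSION = [];
    session_destroy();
    return $ok;
}
```

Call `startLogout()` from the application's logout action and `finishLogout($_GET)` on the return page; a `false` result means the request did not come from a logout this session started.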

  13. Re: What is the correct way to logout...
Austin Bange - 2017-04-17 16:04:51 - In reply to message 4 from Manuel Lemos
To better round out this thread, can you explain how to log a user out of the server as well? ResetAccessToken works just fine to 'unauthorize' a user but I've found for my application that I need to log the user out of the server as well. I'm working with 37signals (Basecamp 3 to be precise). Any insight would be appreciated, thank you!

 