Logout

POST

/auth/logout

Logout user by revoking refresh token.

Marks the refresh token as revoked so it cannot be reused. Uses cryptographic verification instead of re-hashing to find the token.

Args: request: Logout request with refresh token http_request: HTTP request object (for audit logging) db: Database session

Returns: Confirmation message (always succeeds, never reveals token validity)

Request Body^required

LogoutRequest

Request schema for logout.

object

refresh_token

required

Refresh Token

Refresh token to revoke

string

Responses

200

Successful Response

LogoutResponse

Logout response.

object

message

Message

string

default: Logged out successfully

422

Validation Error

HTTPValidationError

object

detail

Detail

Array<object>

ValidationError

object

loc

required

Location

Array

msg

required

Message

string

type

required

Error Type

string

input

Input

ctx

Context

object

Logout

Request Body required

Responses

200

422

Request Body^required