Auth
Log out
End the session and revoke the current access token.
POST
Invalidates the refresh session, blacklists the current access token in Redis for the remainder of its lifetime, and clears the auth cookies. Authenticated endpoint — send the access token as
Authorization: Bearer <token> (or rely on the token cookie).
