I'm rather new to omniauth. I'm working on an existing application that uses omniauth-cas and devise. I've been asked to provide a control that will not only log out of the current application, but invalidate the CAS ticket-granting ticket, so that any new attempt to access CAS-authenticated services results in a new login prompt.
Since omniauth-cas defines an option 'logout_url', I naturally thought there must be some way to get the plugin to do the logout. Eventually I just grepped through the omniauth-cas code and discovered that this string appears exactly twice: once to define the option, and once in the README. Am I missing something, or is this option really not used at all?
(What I was hoping to find: that omniauth defines a generic "remote logout" path which invokes strategies supporting it to do whatever they must do to ensure that the current single-signon session will not be subsequently usable to create a new local session at any service. This would obviate the code needing to figure out which strategy the current user employed and what to do about remote logout. Alas, I haven't found such a thing. No, I don't mean "single sign out", at least, not as CAS defines it.)