hydra: Admin endpoint to delete the sessions and trigger backchannel logout for a subject
Is your feature request related to a problem? Please describe.
There are cases where we need to force log out a user from all the first-party client applications, e.g., when users reset their password or admins of the account want to revoke a user from a firm. Hydra already has an endpoint that allows us to delete the existing sessions for a specific user from Hydra, but per the documentation, doing so:
> will require the user to re-authenticate when performing the next OAuth 2.0 Authorize Code Flow

The documentation explicitly says that:
> This endpoint is not compatible with OpenID Connect Front-/Backchannel logout and does not revoke any tokens.

What I am looking for is to invalidate all the existing sessions in the client applications that have backchannel logout implemented, immediately (not on the next flow execution).
Describe the solution you’d like
Add an additional parameter (e.g., trigger_logout=true) to the existing endpoint that allows us to trigger a backchannel logout once the subject’s sessions are removed.
Describe alternatives you’ve considered
- Add a new endpoint to the API: functionality has some overlap with the existing API endpoint. I am not sure if that is a good idea.
Additional context
I have already had a discussion about this issue on the forum.
About this issue
- State: closed
- Created 4 years ago
- Reactions: 2
- Comments: 21 (10 by maintainers)
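An added illustration, not part of the original issue or of Hydra's code: how a client application's backchannel logout handler could act on a logout token issued for a whole subject. Under OpenID Connect Back-Channel Logout 1.0, a token carrying `sub` but no `sid` means every session of that user at the client is to be ended. `SessionStore` and `LogoutClaims` are hypothetical names, and signature, `iss`, `aud` and `iat` validation is assumed to have been done before this step.

```go
package main

import (
	"errors"
	"fmt"
)

// Event key that OpenID Connect Back-Channel Logout 1.0 requires in a logout token.
const logoutEvent = "http://schemas.openid.net/event/backchannel-logout"

// LogoutClaims holds claims of a token whose signature, iss, aud and iat were already checked (assumption).
type LogoutClaims struct {
	Sub, Sid, Jti string
	Events        map[string]interface{}
	HasNonce      bool // true if the token carried a "nonce" claim
}

// SessionStore is a hypothetical in-memory session table of the client: session ID -> subject.
type SessionStore struct {
	bySid   map[string]string
	seenJti map[string]bool
}

// HandleLogout validates the claims and returns the IDs of the sessions it terminated.
func (s *SessionStore) HandleLogout(c LogoutClaims) ([]string, error) {
	if _, ok := c.Events[logoutEvent]; !ok || c.HasNonce {
		return nil, errors.New("not a logout token: event missing or nonce present")
	}
	if c.Sub == "" && c.Sid == "" {
		return nil, errors.New("logout token needs sub or sid")
	}
	if c.Jti == "" || s.seenJti[c.Jti] { // rejecting a reused jti is a defensive choice here
		return nil, errors.New("missing or replayed jti")
	}
	s.seenJti[c.Jti] = true
	var killed []string
	for sid, sub := range s.bySid {
		// With sid: only that session. Without sid: every session of the subject.
		if (c.Sid != "" && sid == c.Sid && (c.Sub == "" || sub == c.Sub)) || (c.Sid == "" && sub == c.Sub) {
			killed = append(killed, sid)
			delete(s.bySid, sid)
		}
	}
	return killed, nil
}

func main() {
	s := &SessionStore{map[string]string{"s1": "alice", "s2": "alice", "s3": "bob"}, map[string]bool{}} // constructed sample
	killed, err := s.HandleLogout(LogoutClaims{Sub: "alice", Jti: "j1", Events: map[string]interface{}{logoutEvent: struct{}{}}})
	fmt.Println(len(killed), err)
}
```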
Sorry again for keeping you waiting. I actually forgot to ask in the OpenID User Group but have set myself a reminder to not forget it again 😉
@anderslauri We could ask around in the chat community to see if there is anyone else who would be interested in this feature. Feel free to message me and we will figure it out.
Sorry, I just sent the email to the OIDC mailing list. I don’t think that there will be a standard but let’s see 😃
Sorry for the late reply! I will check if there’s a recommendation from OpenID on how to approach this, maybe there’s already a spec in the works for this exact use case!