I'm currently using Aha as the ideas portal for all of our users and am automatically signing them in with SSO/JWT when they access the idea portal page. This works great! However, I noted that, per the JWT help article here, that signout requires an actual browser load operation and is not currently accessible from the API. This doesn't work for me, as it's possible a user is "signing out" of Aha through another service.
For example, a user signs into our website. That user then navigates to our ideas portal, where they are automatically signed on through JWT. Now, imagine they go to another one of our services and then back to our homepage, and then choose to sign out. I should be able to, at that moment, send a simple GET request to an Aha endpoint to log the user out of the ideas portal as well. Right now though, that signout action would have to redirect to the Aha URL, even if the user isn't even looking at Aha.
I think a great reference implementation for this is how Discourse does SSO. They provide a login/logout endpoint and allow you to remotely logout users without requiring them to be on the actual site.