@julian Yesterday I found a workaround. I don't think that it is the cleanest way to do it ...
On the wordpres site I make a Curl POST Request:
$req = curl_init(); curl_setopt($req, CURLOPT_URL, "https://forum.example.com/api/v3/plugins/quickstart/<user_slug>?_uid=<admin_uid>"); curl_setopt($req, CURLOPT_PORT , 443); curl_setopt($req, CURLOPT_HTTPHEADER, array("Content-Type: application/json", "Authorization: Bearer <TOKEN>")); $daata = curl_exec($req); if(!curl_errno($req)){ $info = curl_getinfo($req); echo 'Took ' . $info['total_time'] . ' seconds to send a request to ' . $info['url']; } else { echo 'Curl error: ' . curl_error($req); }On the Nodebb plugin I receive the request and connect directly to mongodb and remove the session of the requested user:
routeHelpers.setupApiRoute(router, 'get', '/quickstart/:user_slug', middlewares, async (req, res) => { const uri = "mongodb://<user>:<pass>@<host>:27017"; const client = new MongoClient(uri); const uid = await User.getUidByUserslug(req.params.user_slug); MongoClient.connect(uri, async function(err, db) { if (err) throw err; const dbo = db.db("nodebb"); await dbo.collection("sessions").find({}).forEach(function(doc) { const data = JSON.parse(doc.session); if(data.passport.user == uid) { dbo.collection("sessions").deleteOne({'_id': doc._id}) console.log('Removed'); } }); db.close(); }); helpers.formatApiResponse(200, res, { status: 200, message: 'User successfully logged out.' }); });This way it logs out. I think that there must be another solution for this.