I'm working on an OpenID Connect implementation, that is going to work as a single sign-on for multiple applications. I get how to sign out a user from a single application or simply revoke refresh tokens for further renewal of access tokens. But from looking at Google's implementation; when you sign out from Gmail you are immediately signed out from all other Google apps like; YouTube, Google + etc.
How is such behavior accomplished?
OpenID has the concept of single sign out - but the spec is still in draft:
http://openid.net/specs/openid-connect-session-1_0.html
IdentityServer v3 does not implement this spec right now - but it is planned for RTM.