We were configuring in a post password change action a management api call to delete also all sessions from the current user.
We forgot to add the delete:sessions permission to the application that we used to fetch the management api token and we got a Failure log event saying that the operation failed due to lack of permissions.
However we tried to login again with the same user via Universal Login page and the session was removed. We tried before adding the delete sessions call and the Universal Login found the session doing the same.
Could you please review it, in case there’s something strange here?
Thanks.