There’s currently no session management API available for Auth0, though it’s on the roadmap / under development (no ETA).
Regarding
It should in my opinion, because it would be easy for you to expire all the authentication tokens
Access tokens are self-contained JWT, no token introspection, so there’s no way to revoke / expire an access token. Therefore access tokens should be short-lived. It’s only possible to revoke refresh tokens.