How to check if user session is active from back-end server?

We use auth0-react for our front-end UI and node-auth0 for our back-end. The front-end passes an access token to the back-end to authenticate and authorize any operations.

We only use the session capabilities provided by Auth0 via auth0-react; our system has no separate implementation of “session”.

We would like the back-end to forbid access after a user has logged out.

As per the Knowledge Article “Invalidating an Access Token after User Logout”:

This is why an Application should be configured to check Auth0’s session.

What are some ways that our back-end can check Auth0’s sessions?

I tried using node-auth0’s SessionsManager via ManagementClient (docs), but that seems to only be available on the Enterprise tier.

Thanks!

SDK Versions:

  • auth0-react: 2.2.4
  • node-auth0: 4.16.0

FYI, a similar question was asked but not answered here: How to check if user session is active from Express API?

Hi @shy.aberman

Welcome to the Auth0 Community!

I’m sorry for the late response. To validate a session from the back-channel, our recommended way is to use GET /api/v2/sessions/{sessionId}; see Manage User Sessions with Auth0 Management API.

Alternatively, you might find our OIDC Back-Channel Logout feature interesting since it allows your backend to subscribe to logout events. → OIDC Back-Channel Logout

Thanks
Dawid
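The first option from the reply above, as an added example that is not part of the thread and not Auth0's or node-auth0's code: a back-end check that calls GET /api/v2/sessions/{sessionId} directly and fails closed. It assumes the back-end already knows the session id (how it reaches the API is not covered on this page), holds a Management API token allowed to read sessions, and that the session object carries `expires_at` and `idle_expires_at`; all function and config names are made up for the example.

```javascript
// Added example, not Auth0 or node-auth0 code. evaluateSession, isSessionActive and the
// cfg fields (domain, mgmtToken, fetchImpl, cacheMs) are names made up for this example.

// Decide from the Management API response whether the session is still live.
// Field names expires_at / idle_expires_at are assumed from the session object.
function evaluateSession(status, body, nowMs) {
  if (status !== 200 || !body) return false; // 404 = session gone; other statuses fail closed
  for (const field of ['expires_at', 'idle_expires_at']) {
    const value = body[field];
    // Present but elapsed or unparseable (NaN) timestamps both count as expired.
    if (value && !(Date.parse(value) > nowMs)) return false;
  }
  return true;
}

// sessionId -> { active, until }. A short cache limits Management API calls;
// the trade-off is that a logout is honoured up to cacheMs late.
const sessionCache = new Map();

async function isSessionActive(sessionId, cfg, nowMs = Date.now()) {
  const hit = sessionCache.get(sessionId);
  if (hit && hit.until > nowMs) return hit.active;
  try {
    const doFetch = cfg.fetchImpl || fetch; // global fetch needs Node 18+
    const res = await doFetch(
      `https://${cfg.domain}/api/v2/sessions/${encodeURIComponent(sessionId)}`,
      { headers: { Authorization: `Bearer ${cfg.mgmtToken}` } }
    );
    const body = res.status === 200 ? await res.json() : null;
    const active = evaluateSession(res.status, body, nowMs);
    sessionCache.set(sessionId, { active, until: nowMs + (cfg.cacheMs ?? 5000) });
    return active;
  } catch {
    return false; // network or JSON failure: deny rather than assume the user is logged in
  }
}
```

An API route would call `isSessionActive` after validating the access token and return 401 when it resolves to false.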

Thanks for the reply.

To clarify, both possible approaches are only available via the Enterprise pricing tier. How do lesser tiers check if there is a valid Auth0 session?

Thanks!
