Invalidate user's Auth0 session programmatically

Hi Team,

I am checking the capabilities of Auth0 for various use cases and need help on Auth0’s session. Below is the scenario

  1. User accessing the application on Google chrome - Logs to the OAuth application integrated with Auth0 by providing username and password.
  2. The same user is now accessing the application on Edge - Logs to the OAuth application integrated with Auth0 by providing a username and password.

What I want is once the user executes point#2, I want to kill the session created on Google chrome. So, I have below questions related to the solution -

  1. Is it possible to invalidate the user’s Auth0 session programmatically?
  2. Is there a way in Auth0 where I can check if the user has any existing active Auth0 sessions or not?
  3. Does Auth0 provide any API to check if the given session(by passing session_id from the logs of the user) is valid?

I have gone through the Auth0 authentication API document, and it states the user’s Auth0 session could be invalidated by redirecting it to https://domain/v2/logout endpoint on the browser.

1 Like

Hello @rajesh.k.2341991!

Hopefully I have some answers to your questions.

  1. There is a way to terminate a session using the Auth0 API for Delete session. This does require the ID of the session to delete.

  2. The API call to get the sessions of a user is in Get sessions for user. This requires the ID of the user you wish to search.

  3. There is also a way to check for a valid session through Get session. This requires the ID of the session and the response code should let you know what you need to know about the session.

Let me know if this helps or if you have any other questions!

Best,
Alex