Invalidate user's Auth0 session programmatically

Hi Team,

I am checking the capabilities of Auth0 for various use cases and need help on Auth0’s session. Below is the scenario

  1. User accessing the application on Google chrome - Logs to the OAuth application integrated with Auth0 by providing username and password.
  2. The same user is now accessing the application on Edge - Logs to the OAuth application integrated with Auth0 by providing a username and password.

What I want is once the user executes point#2, I want to kill the session created on Google chrome. So, I have below questions related to the solution -

  1. Is it possible to invalidate the user’s Auth0 session programmatically?
  2. Is there a way in Auth0 where I can check if the user has any existing active Auth0 sessions or not?
  3. Does Auth0 provide any API to check if the given session(by passing session_id from the logs of the user) is valid?

I have gone through the Auth0 authentication API document, and it states the user’s Auth0 session could be invalidated by redirecting it to https://domain/v2/logout endpoint on the browser.

1 Like