Unable to delete user session via the management API

Hello,

I am attempting to log out a user by deleting the Auth0 session via the API. I’ve been able to successfully obtain a token with the client credentials grant on a machine-to-machine request at https://MY_CUSTOM_DOMAIN.com/oauth/token.

My first question is: Why can’t I use my custom domain for the audience, and must use the application domain?

Secondly…

After grabbing the Bearer token I am able to successfully list a user's sessions at:
GET /api/v2/users/{user-id}/sessions

However, I am unable to then DELETE a user's sessions at:
DELETE /api/v2/users/{user-id}/sessions

I get:

{
    "statusCode": 404,
    "error": "Not Found",
    "message": "Not Found"
}

I know my endpoints and user ids are correct.

What could I be doing wrong?

Hi @prudy!

To obtain a Management API access token, you must use the identifier value of the Management API in your tenant (https://TENANT_NAME.us.auth0.com/api/v2/) as the audience parameter.

Your custom domain is primarily intended for use on authentication pages. Custom domains let you unify the login experience with your own brand, as your users will see a URL that displays your brand as login.YOUR_CUSTOM_DOMAIN.com instead of YOUR_DOMAIN.auth0.com.

Relevant documentation that may prove helpful:

Regarding the 404 error on the DELETE /api/v2/users/{user_id}/sessions endpoint, please see the below:

A 404 error on that endpoint indicates that the user was not found.

Could you kindly do one or both of the following things:

  • Private message me your tenant name and the user_id you’re trying to delete the sessions of so I can take a closer look internally
  • Use either the DELETE /api/v2/sessions/{id} endpoint or the POST /api/v2/sessions/{id}/revoke endpoint to delete/revoke the desired session by the session_id

I look forward to your reply!

Best,

Mary Beth
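
The workflow suggested in the reply above (a token whose audience is the tenant's Management API identifier, then deleting each session by its session_id), written in Python as an added example; it is not code from the thread or from Auth0. The domains and credentials are placeholders, and the `sessions` and `id` fields of the list response are an assumption about its shape.

```python
import json
import urllib.parse
import urllib.request

# Placeholders (assumptions): substitute your own tenant values.
TENANT_DOMAIN = "TENANT_NAME.us.auth0.com"  # tenant domain, used for the audience and API calls
CUSTOM_DOMAIN = "MY_CUSTOM_DOMAIN.com"      # custom domain, used only for /oauth/token here


def token_request(client_id, client_secret):
    """Client-credentials request; audience is the Management API identifier."""
    body = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "audience": f"https://{TENANT_DOMAIN}/api/v2/",
    }
    return urllib.request.Request(
        f"https://{CUSTOM_DOMAIN}/oauth/token",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


def api_request(method, path, token):
    return urllib.request.Request(
        f"https://{TENANT_DOMAIN}/api/v2/{path}",
        headers={"Authorization": f"Bearer {token}"},
        method=method,
    )


def send(req):
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None


def delete_sessions_by_id(user_id, token, transport=send):
    # user_id values contain "|" (e.g. "auth0|abc123"): percent-encode the path segment.
    uid = urllib.parse.quote(user_id, safe="")
    listing = transport(api_request("GET", f"users/{uid}/sessions", token))
    # Assumed response shape: {"sessions": [{"id": ...}, ...]}; first page only.
    ids = [s["id"] for s in (listing or {}).get("sessions", [])]
    for sid in ids:
        transport(api_request("DELETE", f"sessions/{urllib.parse.quote(sid, safe='')}", token))
    return ids
```
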